Archive for the tag 'firewall'

TCP and UDP Ports for cPanel Server Firewall

Incoming TCP ports

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,2242"

Outgoing TCP ports

TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703"

Incoming UDP ports

UDP_IN = "20,21,53"

Outgoing UDP ports

UDP_OUT = "20,21,53,113,123,873,6277"
SB-Shibu

Using the built-in Plesk firewall

Although you could edit the firewall from the command line, it is much easier to use Plesk's firewall instead.

Just navigate to Modules > Firewall. If you have a static IP address you can create rules so that the server will only allow access from your IP address at your home and/or office.

By default, the standard SSH port number is 22. If you look at your logs you might see a large number of bad login attempts on that port. Changing this port number is a simple way to make your server more secure. To change the port number, log in as root and run the following command:

vi /etc/ssh/sshd_config

Find the line that says:

Port 22

Change this line to another port number above 1024. Using a port number above 1024 prevents scans like nmap from picking up SSH.

Save the sshd_config file and then restart sshd.
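
The port change described above, as an added shell example that is not part of the original post. The helper name set_ssh_port and its arguments are hypothetical; it also handles the commented-out "#Port 22" form, keeps a .bak copy, and the demo at the end runs on a constructed sample file.

```shell
#!/bin/sh
# Added example; set_ssh_port and its arguments are hypothetical names.
# Usage: set_ssh_port /etc/ssh/sshd_config 2222
set_ssh_port() {
    conf=$1
    port=$2
    # Accept only a whole number above 1024, as the post recommends.
    case $port in
        ''|*[!0-9]*) echo "port must be a number" >&2; return 2 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -le 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be between 1025 and 65535" >&2
        return 2
    fi
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1      # keep a copy to roll back to
    tmp=$(mktemp) || return 1
    rc=0
    # Rewrite the first Port line, active or commented out ("#Port 22" is how
    # many stock configs ship), and drop any further active Port lines so
    # sshd does not keep listening on the old port as well.
    awk -v p="$port" '
        tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " p; done = 1; next }
            if ($0 !~ /^[ \t]*#/) next
        }
        { print }
        END { if (!done) exit 3 }
    ' "$conf" > "$tmp" || rc=$?
    # No Port line at all: add one at the top, because a line appended at the
    # end could land inside a Match block, where Port is not allowed.
    if [ "$rc" -eq 3 ]; then
        { echo "Port $port"; cat "$conf"; } > "$tmp"
    elif [ "$rc" -ne 0 ]; then
        rm -f "$tmp"; return 1
    fi
    cat "$tmp" > "$conf"                       # keeps the file's owner and mode
    rm -f "$tmp"
}

# Demo on a constructed sample file, not a real server config.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin no' 'Port 22' > "$demo"
set_ssh_port "$demo" 2222 && cat "$demo"
rm -f "$demo" "$demo.bak"
```

Before restarting sshd, allow the new port in the firewall and run sshd -t to check the edited file. Keep the current SSH session open until a new login on the new port succeeds.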

How to Install KISS My Firewall on Ensim Control Panel

KISS My Firewall is a FREE iptables script designed for a typical web server. It takes advantage of the latest firewall technologies including stateful packet inspection and connection tracking. It also contains some preventative measures for port scanning, DoS attacks, and IP spoofing, among other things.

KISS My Firewall 2 is very easy to install and does not require any initial configuration. It will work with any stock installation of Ensim WEBppliance Basic & Pro, Plesk, and Webmin. cPanel installations require some modifications.

When logged in as root ("su -"), type:

cd /usr/bin
wget http://www.indotek.com/kiss/kiss-2.2.tar.gz
tar zxvf kiss-2.2.tar.gz

That’s it! To get it running anywhere on the command line, you simply type:

kiss start

To stop the firewall, type:

kiss stop

To get status information, type:

kiss status

If you want to block an offender's IP address or subnet, simply edit the BLOCK_LIST variable in the /usr/bin/kiss file. You can separate IP addresses and subnets with a space. Once you are finished, simply restart KISS by typing:

kiss restart

Recommended firewall setup for Ensim Pro for Linux

The following is the list of ports used by Ensim Pro for Linux that need to be open if the server is installed behind a firewall.

TCP Port Service

20 FTP Data
21 FTP
22 SSH
23 Telnet
25 Sendmail SMTP
53 DNS
80 HTTP
110 POP3
143 IMAP
443 SSL
783 Spamassassin
3306 MySQL
19638 Control panel

UDP Port Service

53 DNS
3306 MySQL

Predefined Firewall Rules Specifications in Plesk Panel

The following table lists the system services to which you can restrict access using the Firewall’s predefined rules.

Parallels Plesk Panel administrative interface TCP 8443

Samba (file sharing on Windows networks) UDP 137, UDP 138, TCP 139, TCP 445

Parallels Plesk Panel VPN UDP 1194

WWW server TCP 80, TCP 443

FTP server TCP 21

SSH (secure shell) server TCP 22

SMTP (mail sending) server TCP 25, TCP 465

POP3 (mail retrieval) server TCP 110, TCP 995

IMAP (mail retrieval) server TCP 143, TCP 993

Mail password change service TCP 106

MySQL server TCP 3306

PostgreSQL server TCP 5432

Tomcat administrative interface TCP 9008, TCP 9080

Domain name server UDP 53, TCP 53
