How to Unblock an IP Address from the Command Line in CSF Firewall
To unblock an IP address in CSF Firewall from the command line, follow the steps below.
Log in to the server via shell access and go to the CSF firewall directory.
Edit the file csf.deny.
Remove the IP address from the list and save the file.
Once the IP address has been removed, the firewall needs to be restarted.
To restart the firewall, execute the command mentioned below.
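The edit to csf.deny described in the steps above can be scripted so that only the intended entry is removed. This is an added example, not part of the original page and not CSF's own code; the function names `unblock_ip` and `demo` are hypothetical, the file format (address or CIDR first, optional `# comment` after it) is an assumption, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example, not CSF's own code. Assumed deny-file format: one entry per
# line, address or CIDR first, optional "# comment" after it.

# unblock_ip FILE ADDR: delete every entry whose first field is exactly ADDR,
# keep a copy of the old file at FILE.bak, print how many lines were removed.
unblock_ip() {
    local file ip tmp removed
    file=$1 ip=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Accept only a plain IPv4 address or IPv4 CIDR block.
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' ||
        { echo "not an IPv4 address or CIDR: $ip" >&2; return 2; }
    tmp=$(mktemp "$file.XXXXXX") || return 2
    cp -p "$file" "$file.bak" || { rm -f "$tmp"; return 2; }
    # Compare field 1 as a string, never as a pattern: 192.0.2.1 must not
    # match 192.0.2.10 or 192.0.2.100, and the dots are not wildcards.
    removed=$(awk -v ip="$ip" '($1 "") == (ip "") { n++ } END { print n + 0 }' "$file")
    awk -v ip="$ip" '($1 "") == (ip "") { next } { print }' "$file" > "$tmp" ||
        { rm -f "$tmp"; return 2; }
    cat "$tmp" > "$file"    # overwrite in place so owner and mode are kept
    rm -f "$tmp"
    echo "$removed"
}

# Constructed sample using documentation addresses (RFC 5737).
demo() {
    local f
    f=$(mktemp) || return 1
    printf '%s\n' \
        '# constructed sample deny list' \
        '192.0.2.1 # manual block' \
        '192.0.2.10 # failed logins' \
        '198.51.100.0/24 # subnet block' > "$f"
    echo "removed: $(unblock_ip "$f" 192.0.2.1)"
    cat "$f"
    rm -f "$f" "$f.bak"
}
demo
```

When pointed at the live csf.deny, the function has to run as root, and the firewall still needs the restart described in the steps above.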
TCP and UDP Ports for Cpanel Server Firewall
Incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,2242"
Outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703"
Incoming UDP ports
Outgoing UDP ports
UDP_OUT = "20,21,53,113,123,873,6277"
Using the built-in Plesk firewall
Although you could edit the firewall from the command line, it is much easier to use Plesk’s firewall instead.
Just navigate to Modules > Firewall. If you have a static IP address you can create rules so that the server will only allow access from your IP address at your home and/or office.
By default, the standard SSH port number is 22. If you look at your logs, you might see a large number of bad login attempts on that port. Changing this port number is a simple way to make your server more secure. To change the port number, log in as root and run the following command:
Find the line that says:
Change this line to another port number above 1024. Using a port number above 1024 prevents scans like nmap from picking up SSH.
Save the sshd_config file and then restart sshd.
How to Install KISS My Firewall on Ensim Control Panel
KISS My Firewall is a FREE iptables script designed for a typical web server. It takes advantage of the latest firewall technologies including stateful packet inspection and connection tracking. It also contains some preventative measures for port scanning, DoS attacks, and IP spoofing, among other things.
KISS My Firewall 2 is very easy to install and does not require any initial configuration. It will work with any stock installation of Ensim WEBppliance Basic & Pro, Plesk, and Webmin. cPanel installations require some modifications.
When logged in as root ("su -"), type:
cd /usr/bin
wget http://www.indotek.com/kiss/kiss-2.2.tar.gz
tar zxvf kiss-2.2.tar.gz
That’s it! To get it running anywhere on the command line, you simply type:
To stop the firewall, type:
To get status information, type:
If you want to block an offender's IP address or subnet, simply edit the BLOCK_LIST variable in the /usr/bin/kiss file. You can separate IP addresses and subnets with a space. Once you are finished, simply restart KISS by typing:
Recommended firewall setup for Ensim Pro for Linux
The following is the list of ports used by Ensim Pro for Linux that need to be open if the server is installed behind a firewall.
TCP Port Service
20 FTP Data
21 FTP
22 SSH
23 Telnet
25 Sendmail SMTP
53 DNS
80 HTTP
110 POP3
143 IMAP
443 SSL
783 Spamassassin
3306 MySQL
19638 Control panel
UDP Port Service