Posted By Shahid Malla

cPanel Server Security - Best Firewall Rules. - Shahid Malla - WHMCS Expert Freelancer

Here is a simple script that you can use as a starting point for a custom firewall on a cPanel server:

#!/bin/bash
# Flush all existing rules
iptables -F
# Set default policies for each chain
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Allow incoming traffic on established and related connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow incoming traffic on loopback interface
iptables -A INPUT -i lo -j ACCEPT
# Allow incoming traffic on ports 80 and 443 (HTTP and HTTPS)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow incoming traffic for cPanel, WHM, and webmail
iptables -A INPUT -p tcp --dport 2082 -j ACCEPT
iptables -A INPUT -p tcp --dport 2083 -j ACCEPT
iptables -A INPUT -p tcp --dport 2086 -j ACCEPT
iptables -A INPUT -p tcp --dport 2087 -j ACCEPT
iptables -A INPUT -p tcp --dport 2095 -j ACCEPT
iptables -A INPUT -p tcp --dport 2096 -j ACCEPT
# Allow incoming traffic for FTP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# Allow incoming traffic for SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow incoming traffic for SMTP
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
# Allow incoming traffic for DNS
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
# Save the rules and exit
/sbin/service iptables save

This script will block all incoming traffic by default, except for traffic on established and related connections, the loopback interface, and a few specific ports that are commonly used by cPanel, WHM, webmail, FTP, SSH, SMTP, and DNS.

You can customize this script by adding or removing rules as needed for your specific server and requirements. For example, you may want to allow incoming traffic on additional ports for other services that you are running on your server. You may also want to implement additional security measures, such as rate limiting or connection tracking.

Remember to test your firewall rules carefully before applying them to your live server, to ensure that they are working as intended and not blocking any legitimate traffic.
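One way to check a rule script before it is loaded, shown here as an added example that is not part of the original post: the functions below read the rule lines as text, without running iptables, and report every port accepted from any source that is not on an allowlist you expect. The `RULES` sample, the allowlist and the function names are constructed for illustration, and the source address is from a documentation range.

```shell
#!/bin/bash
# Added example: static audit of an iptables rule script (nothing is applied).
# RULES is a constructed excerpt in the same form as the script above.
RULES='iptables -F
iptables -P INPUT DROP
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 2087 -j ACCEPT
iptables -A INPUT -p tcp -s 203.0.113.10 --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT'

# world_open: read rule lines on stdin and print proto/port for every INPUT
# ACCEPT rule that names a --dport but has no source (-s/--source) restriction.
# Limitation: multiport rules (--dports) are not parsed.
world_open() {
  awk '
    $1 == "iptables" {
      chain = proto = port = src = target = ""
      for (i = 2; i <= NF; i++) {
        if ($i == "-A" || $i == "-I") chain = $(i + 1)
        else if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") port = $(i + 1)
        else if ($i == "-s" || $i == "--source") src = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
      }
      if (chain == "INPUT" && target == "ACCEPT" && port != "" && src == "")
        print proto "/" port
    }'
}

# unexpected: print world-open ports missing from the space-separated
# allowlist passed as $1 (rule lines on stdin).
unexpected() {
  world_open | while read -r p; do
    case " $1 " in *" $p "*) ;; *) echo "$p" ;; esac
  done
}

# default_drop: succeed only if the rules set the INPUT policy to DROP.
default_drop() { grep -Eq '^iptables -P INPUT DROP$'; }

# Audit the sample: WHM on 2087 is open to the world but not on the allowlist.
printf '%s\n' "$RULES" | unexpected "tcp/80 tcp/443 udp/53"   # prints tcp/2087
```

To audit a real script, pipe the file in place of the sample, for example `unexpected "tcp/80 tcp/443" < firewall.sh`, where `firewall.sh` is a hypothetical file name.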
