{"id":678,"date":"2021-07-23T12:35:27","date_gmt":"2021-07-23T12:35:27","guid":{"rendered":"https:\/\/ssdsunucum.com\/blog\/how-to-configure-your-firewall-for-cpanel-whm-services\/"},"modified":"2021-07-23T12:35:27","modified_gmt":"2021-07-23T12:35:27","slug":"how-to-configure-your-firewall-for-cpanel-whm-services","status":"publish","type":"post","link":"https:\/\/ssdsunucum.com\/blog\/how-to-configure-your-firewall-for-cpanel-whm-services\/","title":{"rendered":"How to Configure Your Firewall for cPanel & WHM Services"},"content":{"rendered":"<\/p>\n
\n
\n
\n

Valid for versions 94 through the latest version<\/em><\/p>\n<\/div>\n

\n

Version:<\/h4>\n

84<\/h4>\n

86<\/h4>\n

90<\/h4>\n

92<\/h4>\n

94<\/h4>\n<\/div><\/div>\n
\n

Overview<\/h2>\n

cPanel & WHM installs and manages many different services on your system, most of which require an external connection in order to function properly. Because of this, your firewall must<\/strong> allow cPanel & WHM to open the ports on which these services run.<\/p>\n

This document lists the ports that cPanel & WHM uses, and which services use each of these ports, to allow you to better configure your firewall.<\/p>\n

\n
Warning:<\/div>\n
\n
    \n
  • We strongly<\/strong> recommend that you only<\/strong> open ports for services that you use.<\/li>\n
  • When you work with firewall rules, always<\/strong> make certain to include a way to log back in to your server, and always<\/strong> maintain console access to your server.<\/li>\n<\/ul><\/div>\n<\/div>\n

    Ports<\/h2>\n
    \n
    Warning:<\/div>\n
    \n

    We strongly<\/strong> recommend that you use the SSL version of each service whenever possible:<\/p>\n

      \n
    • The use of non-SSL services can allow attackers to intercept sensitive information, such as login credentials.<\/li>\n
    • Always ensure that valid SSL certificates exist for your services in WHM\u2019s Manage Service SSL Certificates<\/em> interface (WHM >> Home >> Service Configuration >> Manage Service SSL Certificates<\/em>).<\/li>\n<\/ul><\/div>\n<\/div>\n
      \n
      Note:<\/div>\n
      \n

      For more information on how to access cPanel & WHM services, read our How to Access cPanel & WHM Services documentation.<\/p>\n<\/p><\/div>\n<\/div>\n

      cPanel & WHM uses the following ports:<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
      Port<\/th>\nService<\/th>\nTCP<\/th>\nUDP<\/th>\nInbound<\/th>\nOutbound<\/th>\nLocalhost<\/th>\nNotes<\/th>\n<\/tr>\n<\/thead>\n
      1<\/code><\/td>\nCPAN<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\nThe Show Available Modules<\/em> setting in cPanel\u2019s Perl Modules<\/em> interface (cPanel >> Home >> Software >> Perl Modules<\/em>) uses this port to improve the speed in which it appears.<\/td>\n<\/tr>\n
      20<\/code><\/td>\nFTP<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\nInstead of FTP, we recommend that you use the more-secure SFTP via SSH.<\/td>\n<\/tr>\n
      21<\/code><\/td>\nFTP<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      22<\/code><\/td>\nSSH<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\nYou must open this port before<\/strong> you use WHM\u2019s Transfer Tool<\/em> interface (WHM >> Home >> Transfers >> Transfer Tool<\/em>) when:<\/p>\n
        \n
      • You authenticate root<\/code> users with SSH keys.<\/li>\n
      • You are transferring from a server on cPanel & WHM version 88 or earlier.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
      25<\/code><\/td>\nSMTP<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      26<\/code><\/td>\nSMTP<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\ncPanel & WHM only<\/strong> uses this port if you specify it in WHM\u2019s Service Manager<\/em> interface (WHM >> Home >> Service Configuration >> Service Manager<\/em>).<\/td>\n<\/tr>\n
      37<\/code><\/td>\nrdate<\/code><\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      43<\/code><\/td>\nwhois<\/code><\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      53<\/code><\/td>\nDNS<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\ncPanel & WHM uses this port for the following functions:<\/p>\n
        \n
      • Public DNS services.<\/li>\n
      • Communication with root<\/code> nameservers for AutoSSL.<\/li>\n
      • Other functions that require name resolution.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
      80<\/code><\/td>\nhttpd<\/code><\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\nThis port serves the HTTP needs of services on the server. <\/p>\n
      \n
      Important:<\/div>\n
      \n
        \n
      • We strongly<\/strong> recommend that you encourage your users to use port 443<\/code>, which uses the more secure SSL\/TLS security protocol. For more information, read our More about TLS and SSL documentation.<\/li>\n
      • The cPanel Server Daemon (cpsrvd<\/code>) listens on this port when you disable<\/strong> the Web Server role. This daemon monitors cPanel & WHM services.<\/li>\n<\/ul><\/div>\n<\/div>\n<\/td>\n<\/tr>\n
      110<\/code><\/td>\nPOP3<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      113<\/code><\/td>\nident<\/code><\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      143<\/code><\/td>\nIMAP<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      443<\/code><\/td>\nhttpd<\/code><\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\nThis port serves the HTTPS needs of services on the server. <\/p>\n
      \n
      Note:<\/div>\n
      \n
        \n
      • This port can allow users to access cPanel or WHM via certain subdomains. For more information, read our Service and Proxy Subdomains documentation.<\/li>\n
      • The cPanel Server Daemon (cpsrvd<\/code>) listens on this port when you disable<\/strong> the Web Server role.<\/li>\n
      • WHM\u2019s Manage AutoSSL<\/em> interface (WHM >> Home >> SSL\/TLS >> Manage AutoSSL<\/em>) requires outbound access to the store.cpanel.net<\/code> server.<\/li>\n<\/ul><\/div>\n<\/div>\n<\/td>\n<\/tr>\n
      465<\/code><\/td>\nSMTP, SSL\/TLS<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n\n
      \n
      Important:<\/div>\n
      \n cPanel & WHM strongly<\/strong> recommends that you enable Transport Layer Security (TLS) protocol version 1.2 on your server.\n <\/div>\n<\/div>\n<\/td>\n<\/tr>\n
      579<\/code><\/td>\ncPHulk<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\nThis port should only<\/strong> accept connections on the 127.0.0.x IPv4<\/code> address. Your system does not<\/strong> require that this port accept external traffic.<\/td>\n<\/tr>\n
      587<\/code><\/td>\nExim<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      783<\/code><\/td>\nApache SpamAssassin\u2122<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      873<\/code><\/td>\nrsync<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      953<\/code><\/td>\nPowerDNS<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\nThis port should only<\/strong> accept connections on the 127.0.0.1 IPv4<\/code> address. Your system does not<\/strong> require that this port accept external traffic. <\/p>\n
      \n
      Note:<\/div>\n
      \n You must<\/strong> use this port when you run PowerDNS nameservers.\n <\/div>\n<\/div>\n<\/td>\n<\/tr>\n
      993<\/code><\/td>\nIMAP SSL<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      995<\/code><\/td>\nPOP3 SSL<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      2077<\/code><\/td>\nWebDAV<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\ncPanel\u2019s Web Disk<\/em> interface (cPanel >> Home >> Files >> Web Disk<\/em>) uses these ports.<\/td>\n<\/tr>\n
      2078<\/code><\/td>\nWebDAV SSL<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      2079<\/code><\/td>\nCalDAV and CardDAV<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      2080<\/code><\/td>\nCalDAV and CardDAV (SSL)<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      2082<\/code><\/td>\ncPanel and cPanel Licensing<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n\n
      \n
      Note:<\/div>\n
      \n To disable logins via this port and only allow SSL logins, set the Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs<\/em>. Formerly known as \u201cAlways redirect to SSL\/TLS\u201d<\/em> setting to On<\/em> in WHM\u2019s Tweak Settings<\/em> interface (WHM >> Home >> Server Configuration >> Tweak Settings<\/em>). This will redirect users to secure ports with the \/cpanel<\/code>, \/whm<\/code>, and \/webmail<\/code> aliases.\n <\/div>\n<\/div>\n<\/td>\n<\/tr>\n
      2083<\/code><\/td>\ncPanel SSL and cPanel Licensing<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      2086<\/code><\/td>\nWHM and cPanel Licensing<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n\n
      \n
      Note:<\/div>\n
      \n To disable logins via this port and only allow SSL logins, set the Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as \u201cAlways redirect to SSL\/TLS\u201d<\/em> setting to On<\/em> in WHM\u2019s Tweak Settings<\/em> interface (WHM >> Home >> Server Configuration >> Tweak Settings<\/em>). This will redirect users to secure ports with the \/cpanel<\/code>, \/whm<\/code>, and \/webmail<\/code> aliases.\n <\/div>\n<\/div>\n<\/td>\n<\/tr>\n
      2087<\/code><\/td>\nWHM SSL and cPanel Licensing<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      2089<\/code><\/td>\ncPanel Licensing<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n\n
      \n
      Important:<\/div>\n
      \n You must<\/strong> configure your system to permit outbound tcp connections from source ports 4<\/code> and 1020<\/code> to destination port 2089<\/code>. This will allow the server to contact the cPanel, L.L.C. license servers.\n <\/div>\n<\/div>\n<\/td>\n<\/tr>\n
      2095<\/code><\/td>\nWebmail<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n\n
      \n
      Note:<\/div>\n
      \n To disable logins via this port and only allow SSL logins, set the Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as \u201cAlways redirect to SSL\/TLS\u201d<\/em> setting to On<\/em> in WHM\u2019s Tweak Settings<\/em> interface (WHM >> Home >> Server Configuration >> Tweak Settings<\/em>). This will redirect users to secure ports with the \/cpanel<\/code>, \/whm<\/code>, and \/webmail<\/code> aliases.\n <\/div>\n<\/div>\n<\/td>\n<\/tr>\n
      2096<\/code><\/td>\nWebmail SSL and cPanel Licensing<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      2195<\/code><\/td>\nApple Push Notification service (APNs)<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\ncPanel & WHM only uses this port for the Apple\u00ae Push Notification Service (APNs). For more information, read our How to Set Up iOS Push Notifications documentation.<\/td>\n<\/tr>\n
      2703<\/code><\/td>\nRazor<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\nRazor is a collaborative spam-tracking database.<\/td>\n<\/tr>\n
      3306<\/code><\/td>\nMySQL\u00ae<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\nMySQL uses this port for remote database connections.<\/td>\n<\/tr>\n
      6277<\/code><\/td>\nDCC<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\nFor more information, read the Apache\u00ae DCC and NetTestFirewallIssues documentation.<\/td>\n<\/tr>\n
      24441<\/code><\/td>\nPyzor<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\n<\/td>\nFor more information, read Apache\u2019s Pyzor and NetTestFirewallIssues documentation.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

      The License Callback Mechanism<\/h3>\n

      The License Callback Mechanism immediately updates a server after the license changes in either Manage2 or the cPanel Store. It cannot make any changes to the server. It only<\/strong> alerts the server that a change as been made to the license. The license callback mechanism tries the following ports until one succeeds:<\/p>\n\n\n\n\n\n\n\n\n\n
      Service<\/th>\nPort<\/th>\nInbound<\/th>\nOutbound<\/th>\n<\/tr>\n<\/thead>\n
      cPanel<\/td>\n2082<\/code><\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      cPanel SSL<\/td>\n2083<\/code><\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      WHM<\/td>\n2086<\/code><\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      WHM SSL<\/td>\n2087<\/code><\/td>\n<\/td>\n<\/td>\n<\/tr>\n
      Webmail SSL<\/td>\n2096<\/code><\/td>\n<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
      \n
      Note:<\/div>\n
      \n

      At least one port in the above table must<\/strong> be open for the license callback mechanism to work. The server only accepts requests to this API from cPanel & WHM. The license system does not<\/strong> send any other information to the customer\u2019s server.<\/p>\n<\/p><\/div>\n<\/div>\n

      Example configurations<\/h2>\n
      \n
      Important:<\/div>\n
      \n
        \n
      • We do not<\/strong> recommend that you use these examples for your personal configurations. Instead, make certain<\/strong> that your firewall rules match the way in which you use cPanel & WHM\u2019s services.<\/li>\n
      • CentOS 8, AlmaLinux 8, and CloudLinux\u2122 8 servers have additional requirements. For more information, read the CentOS 8, AlmaLinux 8, and CloudLinux 8 firewall management section below.<\/li>\n
      • CentOS 7, CloudLinux\u2122 7, and Red Hat\u00ae Enterprise Linux\u00ae (RHEL) 7 servers have additional requirements. For more information, read the CentOS 7, CloudLinux 7, and RHEL 7 firewall management section below.<\/li>\n
      • Red Hat Enterprise Linux 8 deprecated the iptables<\/code> utility. While cPanel, L.L.C. does not support this version of RHEL, this change affects all cPanel-supported operating systems. We recommend the nftables<\/code> utility for servers that run CentOS 8, AlmaLinux 8, or CloudLinux 8. For servers that run CentOS 7, CloudLinux 7, or RHEL 7, we recommend that you use the firewalld<\/code> utility. For more information, read Red Hat\u2019s When to use firewalld, nftables, or iptables documentation.<\/li>\n<\/ul><\/div>\n<\/div>\n

        CentOS 8, AlmaLinux 8, and CloudLinux 8 firewall management<\/h3>\n
        \n
        Important:<\/div>\n
        \n

        We strongly<\/strong> recommend that you use the nftables<\/code> framework for your CentOS 8, AlmaLinux 8, or CloudLinux 8 firewall.<\/p>\n<\/p><\/div>\n<\/div>\n

        Use the nftables<\/code> framework instead of iptables<\/code> programs or legacy services in those operating systems. You can configure nftables<\/code> with the nft<\/code> command line tool. You will find the nftables<\/code> ruleset for your server in the \/etc\/sysconfig\/nftables.conf<\/code> file.<\/p>\n

        For example, to block traffic for a single IPv4 address, run the following command, where 192.168.0.0<\/code> is the IPv4 address that you wish to block:<\/p>\n

        nft add rule filter INPUT ip saddr 192.168.0.0 drop\n<\/code><\/pre>\n
        To block traffic for a single IPv6 address, run the following command, where 2001:0db8:0:0:1:0:0:1<\/code> is the IPv6 address that you wish to block:<\/p>\n
        nft add rule ip6 filter INPUT ip6 saddr [2001:0db8:0:0:1:0:0:1] drop\n<\/code><\/pre>\n
        For more information about the nftables<\/code> framework and the nft<\/code> tool, read Red Hat\u2019s Getting Started with nftables documentation.<\/p>\n
        CentOS 7, CloudLinux 7, and RHEL 7 firewall management<\/h3>\n
        We strongly<\/strong> recommend that servers which run the CentOS 7, CloudLinux 7, and RHEL 7 operating systems use the firewalld<\/code> daemon instead of iptables<\/code> programs or legacy services in those operating systems.<\/p>\n
        For example, to block traffic for a single IPv4 address, run the following command, where 192.168.0.0<\/code> is the IPv4 address that you wish to block:<\/p>\n
        firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0\" drop' --permanent\n<\/code><\/pre>\n
        To block traffic for a single IPv6 address, run the following command, where 2001:0db8:0:0:1:0:0:1<\/code> is the IPv6 address that you wish to block:<\/p>\n
        firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"[2001:0db8:0:0:1:0:0:1]\" drop' --permanent\n<\/code><\/pre>\n
        \n
        Important:<\/div>\n
        \n
        We recommend that you only<\/strong> use the firewall utilities on CentOS 7, CloudLinux 7, and RHEL 7 servers.<\/p>\n
          \n
        • If you use firewalld<\/code>, you must<\/strong> enable the daemon before you change the firewall settings. To do this, run the systemctl enable firewalld<\/code> command. If you do not enable the daemon, the system will erase any firewall changes when you reboot the server.<\/li>\n
        • If you use firewalld<\/code>, the system will remove the ipables-services<\/code> package through the yum package manager with the following command: yum remove iptables-service<\/code><\/li>\n
        • If you use the the legacy iptables<\/code> service, remove the firewalld<\/code> package through the yum package manager with the following command: yum remove firewalld<\/code><\/li>\n
        • If you use a third-party firewall management service, we recommend that you check the firewall\u2019s documentation before you remove the unused firewalld<\/code> or iptables<\/code> services.<\/li>\n<\/ul><\/div>\n<\/div>\n
          For more information about the firewall utilities and the firewalld<\/code> daemon, read Red Hat\u2019s Using Firewalls documentation.<\/p>\n
          The cpanel service<\/h4>\n
          \n
          Important:<\/div>\n
          \n
          The \/usr\/local\/cpanel\/scripts\/configure_firewall_for_cpanel<\/code> script clears all existing entries from the iptables<\/code> application. If you use custom rules for your firewall, export those rules before<\/strong> you run the script and then re-add them afterward.<\/p>\n<\/p><\/div>\n<\/div>\n
          cPanel & WHM also includes the cpanel<\/code> service, which manages all of the rules in the \/etc\/firewalld\/services\/cpanel.xml<\/code> file. This allows TCP access for the server\u2019s ports.<\/p>\n
          To replace your existing iptables<\/code> rules with the rules in the \/etc\/firewalld\/services\/cpanel.xml<\/code> file, perform the following steps:<\/p>\n
            \n
          1. Run the yum install firewalld<\/code> command to ensure that you have installed the firewalld<\/code> service daemon on your system.<\/li>\n
          2. Run the systemctl start firewalld.service<\/code> command to start the firewalld<\/code> service.<\/li>\n
          3. Run the systemctl enable firewalld<\/code> command to start the firewalld<\/code> service when the server starts.<\/li>\n
          4. Run the iptables-save > backupfile<\/code> command to save your existing firewall rules.<\/li>\n
          5. Run the \/usr\/local\/cpanel\/scripts\/configure_firewall_for_cpanel<\/code> script.<\/li>\n
          6. Run the iptables-restore < backupfile<\/code> command to incorporate your old firewall rules into the new firewall rules file.<\/li>\n<\/ol>\n
            Adding rules with the iptables utility<\/h3>\n
            The following examples explain how to add rules with ConfigServer Security & Firewall (CSF), Advanced Policy Firewall (APF), and the iptables<\/code> utility.<\/p>\n
            \n
            Remember:<\/div>\n
            \n
            Red Hat Enterprise Linux 8 deprecated the iptables<\/code> utility. While cPanel, L.L.C. does not support this version of RHEL, this change affects all cPanel-supported operating systems. We recommend the nftables<\/code> utility for servers that run CentOS 8, AlmaLinux 8, or CloudLinux 8. For servers that run CentOS 7, CloudLinux 7, or RHEL 7, we recommend that you use the firewalld<\/code> utility.<\/p>\n
            For more information, read Red Hat\u2019s When to use firewalld, nftables, or iptables documentation.<\/p>\n<\/p><\/div>\n<\/div>\n
            ConfigServer Security & Firewall<\/h4>\n
            ConfigServer provides the free WHM plugin ConfigServer Security & Firewall, which allows you to modify your iptables<\/code> rules within WHM. For information about how to install and configure CSF, read our Additional Security Software documentation.<\/p>\n
            Advanced Policy Firewall<\/h4>\n
            Advanced Policy Firewall (APF) acts as a front-end interface for the iptables<\/code> application, and allows you to open or close ports without the use of the iptables<\/code> syntax.<\/p>\n
            The following example includes two rules that you can add to the \/etc\/apf\/conf.apf<\/code> file in order to allow HTTP and HTTPS access to your system:<\/p>\n
            \n
            \n\n\n
            \n
            1\n<\/span>2\n<\/span>3\n<\/span><\/code><\/pre>\n<\/td>\n
            		\n
            # Common ingress (inbound) TCP ports<\/span>\nIG_TCP_CPORTS=<\/span>\"80,443\"<\/span>\nEG_TCP_CPORTS=<\/span>\"80\"<\/span><\/code><\/pre>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
            iptables<\/h4>\n
            The iptables<\/code> application offers more customization settings for your packet filtering rules. This application requires that you understand the TCP\/IP stack. For more information about the use of iptables<\/code>, visit the iptables site, or run the man iptables<\/code> command from the command line.<\/p>\n
            The following example includes iptables<\/code> rules for HTTP traffic on port 80<\/code>:<\/p>\n
            \n
            \n\n\n
            \n
            1\n<\/span>2\n<\/span><\/code><\/pre>\n<\/td>\n
            		\n
            $IPTABLES -<\/span>A FORWARD -<\/span>p TCP -<\/span>i 66.66.66.66<\/span> -<\/span>o eth0 -<\/span>d 192.168.1.1<\/span> -<\/span>dport 80<\/span> -<\/span>j allowed\n$IPTABLES -<\/span>A FORWARD -<\/span>p ICMP -<\/span>i 66.66.66.66<\/span> -<\/span>o eth0 -<\/span>d 192.168.1.1<\/span> -<\/span>j icmp_packets<\/code><\/pre>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
            \n
            Note:<\/div>\n
            \n
            This example assumes that a DMZ exists on eth0<\/code> for the 192.168.1.1<\/code> port, and the 66.66.66.66<\/code> broadcast IP address.<\/p>\n<\/p><\/div>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"
            Valid for versions 94 through the latest version Version: 84 86 90 92 94 Overview cPanel & WHM installs and manages many different services on your system, most of which require an external connection in order to function properly. Because of this, your firewall must allow cPanel & WHM to open the ports on which …<\/p>\n","protected":false},"author":1,"featured_media":679,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/678"}],"collection":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/comments?post=678"}],"version-history":[{"count":0,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/678\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media\/679"}],"wp:attachment":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media?parent=678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/categories?post=678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/tags?post=678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}