1 - Firewall

CyberPanel follows deny all rules except for the ports opened by default, you can see default opened ports at: Server > Security > Firewall


Available Functions

  • Stop Firewall.

  • Start Firewall.

  • Reload.

  • Add/Delete Rules.


Add Firewall Rule

As I’ve mentioned above, CyberPanel follows deny all rules, so if you want to allow any port you can add from Server > Security > Firewall.

  1. Give this rule a name.

  2. Select protocol from dropdown either tcp or udp.

  3. Enter which port to open for specified protocol.

  4. Click ‘ADD’.

This will add rule and reload firewall.


Delete Firewall Rule

Just click on the cross on right side of the rule, this will delete the rule and reload firewall.

1 Like

Dear Sir , Compare to UFW of Ubuntu, I do not like this FireWall, Few Functions. You See, I stop it . After I reboot the VPS or Machine, FireWall is turn to Status ON.
How Can I Delete this FireWall forever?

systemctl stop firewalld

systemctl disable firewalld

Many Many Thanks for your Command!
It is very very Great Help for me.

1 Like

I guess I’m at the wrong page because Server > Security > Firewall takes me to the screenshot below

Kindly help me

There’s no option to add rule or i am also missing it. Can you guys point to the right direction?

Ok I have found the solution for how to block certain port on certain ip.

Things to note:

  • csf works by allowing one ip and/or port while blocking all others.
  • The fix was rather simple but i almost lost my server in process while trying to manually adjust iptables. It just wouldn’t work.
  • csf disables firewalld & modifies iptables rules by it self.

To allow certain port on one or range of ip’s do the following:

  1. Run

sudo nano /etc/csf/csf.allow

  1. Add entry like below to the above file. Format: tcp/udp|in/out|s/d=port|s/d=ip.
    Example: we want to block port 22 on one of the ip 192.168.0.5.

tcp|in|d=22|d=192.168.0.5

  1. Edit /etc/csf/csf.conf or if you have access to csf panel edit it there. Remove port under tcp_in or tcp_out

nano /etc/csf/csf.conf
find tcp_in port 22 and remove it

You can use the above method for any allow/deny entry etc. See readme on csf for more details, it is a very well written document.

Hello everyone! Are you new to CyberPanel? Don’t worry, I’ll explain easily.

When you first install Cyberpanel, you have a basic firewall like the one explained by ‘usmannasir’ at the beginning. You also have the option to install the advanced (and recommended) CSF firewall however, the control panel of this firewall is more difficult to understand at a glance, don’t worry, if you want to add a port just go to:

https://<YOURHOST>:<PORT>/firewall/csf

or here:

and then here to add the new port we want to allow.

and voila, added ports.
In my case use the port :8443 for the Cyberpanel panel.

Now, how do I quickly enable so I can login to my panel from the new port?

Simple, enter via FTP to your vps, then navigate here:

/usr/local/lscp/conf

and open the file

bind.conf

Change the port that is there (which should be *:8090) and put the one you want.
Restart your vps and enter from the new port

https://<YOURHOST>:<NEW PORT>

Well, now you are happy and your life is moving forward, a hug!

-----------------------------
Spanish Version:
Versión en Español:
Hola a todos! ¿Eres nuevo en CyberPanel? ¡No te preocupes, te explico fácil.

Cuando instalas Cyberpanel por primera vez, tienes un cortafuego básico cómo el que explica ‘usmannasir’ al comienzo. También tienes la opción de instalar el cortafuegos avanzado (y recomendado) de CSF sin embargo, el panel de control de este cortafuegos es mas dificil de entender a simple vista, no te preocupes, si deseas agregar un puerto simplemente dirigete a:

https://<YOURHOST>:<PORT>/firewall/csf

o aquí:

y aqui agrega los nuevos puertos que deseas permitir.

y listo, puertos agregados.
En mi caso utilice el puerto :8443 para el panel de Cyberpanel.

Ahora, ¿Cómo habilito rápidamente para poder ingresar a mi panel desde el nuevo puerto?

Sencillo, ingresa mediante FTP a tu vps, luego navega hasta aquí:

/usr/local/lscp/conf

y abre el archivo

bind.conf

Cambia el puerto que esta ahí (que debería ser *:8090) y pon el que quieras.
Reinicia tu vps y ingresa desde el nuevo puerto

https://<TUHOST>:<NUEVO PUERTO>

Bien, ahora eres feliz y tu vida sigue avanzando, un abrazo!