1 - Firewall

Docs 09 - Security
#1

CyberPanel follows deny all rules except for the ports opened by default, you can see default opened ports at: Server > Security > Firewall

Available Functions

  • Stop Firewall.

  • Start Firewall.

  • Reload.

  • Add/Delete Rules.

Add Firewall Rule

As I’ve mentioned above, CyberPanel follows deny all rules, so if you want to allow any port you can add from Server > Security > Firewall.

1021×426 44 KB

  1. Give this rule a name.

  2. Select protocol from dropdown either tcp or udp.

  3. Enter which port to open for specified protocol.

  4. Click ‘ADD’.

This will add rule and reload firewall.

Delete Firewall Rule

Just click on the cross on right side of the rule, this will delete the rule and reload firewall.

1 Like
#2

Dear Sir , Compare to UFW of Ubuntu, I do not like this FireWall, Few Functions. You See, I stop it . After I reboot the VPS or Machine, FireWall is turn to Status ON.
How Can I Delete this FireWall forever?

#3

systemctl stop firewalld

systemctl disable firewalld

#4

Many Many Thanks for your Command!
It is very very Great Help for me.

1 Like
#5

I guess I’m at the wrong page because Server > Security > Firewall takes me to the screenshot below

Security and Firewall
Security and Firewall1017×2225 177 KB

Kindly help me

#6

There’s no option to add rule or i am also missing it. Can you guys point to the right direction?

#7

Ok I have found the solution for how to block certain port on certain ip.

Things to note:

  • csf works by allowing one ip and/or port while blocking all others.
  • The fix was rather simple but i almost lost my server in process while trying to manually adjust iptables. It just wouldn’t work.
  • csf disables firewalld & modifies iptables rules by it self.

To allow certain port on one or range of ip’s do the following:

  1. Run

sudo nano /etc/csf/csf.allow

  1. Add entry like below to the above file. Format: tcp/udp|in/out|s/d=port|s/d=ip.
    Example: we want to block port 22 on one of the ip 192.168.0.5.

tcp|in|d=22|d=192.168.0.5

  1. Edit /etc/csf/csf.conf or if you have access to csf panel edit it there. Remove port under tcp_in or tcp_out

nano /etc/csf/csf.conf
find tcp_in port 22 and remove it

You can use the above method for any allow/deny entry etc. See readme on csf for more details, it is a very well written document.