
CSF default open ports

Discussion in 'Other Centmin Mod Installed software' started by Sean, Oct 29, 2015.

  1. Sean

    Sean New Member

    16
    2
    3
    Oct 23, 2015
    Ratings:
    +8
    Local Time:
    3:33 AM
    1.8
    not using Maria yet
    Just installed and I am locked out. I haven't changed the ssh port. I am in an OpenVZ (AWS) and I read about the IPSET limitation on OpenVZ, does this mean I should disable CSF? Should I enter iptables entries or not, and is port 22 open to anywhere by default?

    Thanks for any responses,
    Sean
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,154
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    5:33 PM
    Nginx 1.13.x
    MariaDB 5.5
    No, leave CSF enabled. It just runs without IPSET if on OpenVZ.

    By default it's enabled for port 22 and other preset whitelisted ports: centminmod/csfinstall.inc at 123.08stable (centminmod/centminmod on GitHub).

    Who's your web host? Do you have a dynamic IP or static IP?

    If dynamic IP, see FAQ item 29, Getting Started Step 4, and CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS.
     
  3. Sean

    I am using AWS with an Elastic IP. My home IP is dynamic. Do I have to whitelist an IP? Because I did not. Arghh.

    Thanks for getting back eva2000!

    P.S. One point you did not answer is whether or not I need to set iptables entries. I am thinking that's a no.
     
  4. Sean

    Also, can I just leave 22 open to anywhere? I use AWS to open 22 to my home IP when I want and only when I want, and then close it when I am done.

    BR,
    Sean
     
  5. eva2000

    No need, as CSF interfaces with iptables.

    CSF firewall auto whitelists the IP address it detects for its user/client SSH login, so usually that takes care of it unless you have a dynamic IP or unusual home PC setup, i.e. if you have some proxy or virtual IP, i.e. some clients' IPs detect as 127.0.0.1 to CSF firewall.

    Wouldn't advise that generally.

    Do you mean you have an AWS EC2 server SSH into your Centmin Mod server via port 22? Then CSF firewall should have whitelisted your AWS EC2 server's IP address.

    Or do you mean AWS EC2 is where you installed Centmin Mod? So you had 2 firewalls, at EC2 level and CSF local server level?
     
  6. eva2000

    For backup purposes, a dynamic IP setup (CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS) or using a private VPN server IP to connect to the Centmin Mod server and whitelisting that VPN IP would also help. If you have other servers, whitelist those IPs within CSF too so you have other avenues of entry to the server if you cannot get in from your home IP.
     
  7. Sean

    Yes, Amazon has an EC2 instance OS level firewall (csf, iptables) and a firewall in front of the EC2 instance, so I leave 22 open on the instance and closed on the AWS firewall. Then when I ssh, I first open the AWS firewall to my dynamic IP, which the AWS firewall detects. So, with csf I MUST first whitelist an IP. Got it.

    Eva Thanks,
    Sean
     
  8. Eduardo

    Eduardo New Member

    27
    3
    3
    Feb 7, 2015
    Ratings:
    +5
    Local Time:
    5:33 AM
    1.7.9
    My Centmin CSF has a lot of ports open for in/out, both TCP and UDP. I'm thinking about removing all and opening them one by one.
    Which ports should I leave open?

    80 http; 443 https; 21 ftp; passive ftp range; custom ssh port;

    What more?
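
    An added example, not part of the thread and not Centmin Mod's own code: one way to audit CSF's port-list settings (`TCP_IN`, `TCP_OUT`, `UDP_IN`, `UDP_OUT` in `/etc/csf/csf.conf`) against the list of ports you intend to keep, before removing anything. The function names are hypothetical and the sample config is constructed; it is not the actual Centmin Mod default list.

```shell
#!/bin/sh
# Print the entries of one port-list setting (e.g. TCP_IN), one per line.
csf_ports() {   # $1 = config file, $2 = setting name
    awk -v key="$2" '{
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line ~ /^#/ || index(line, key) != 1) next   # comment or other setting
        rest = substr(line, length(key) + 1)
        if (rest !~ /^[ \t]*=/) next                     # exact name match only
        sub(/^[ \t]*=[ \t]*"?/, "", rest)                # drop = and opening quote
        sub(/".*$/, "", rest)                            # drop closing quote onward
        n = split(rest, p, ",")
        for (i = 1; i <= n; i++) {
            gsub(/[ \t]/, "", p[i])
            if (p[i] != "") print p[i]
        }
    }' "$1"
}

# Print entries of a setting that are NOT on the comma-separated keep list.
csf_extra_ports() {   # $1 = config file, $2 = setting name, $3 = keep list
    csf_ports "$1" "$2" | while read -r port; do
        case ",$3," in
            *",$port,"*) ;;                  # intended to stay open
            *) printf '%s\n' "$port" ;;      # open but not on the keep list
        esac
    done
}

# Constructed sample, not Centmin Mod's actual default port list.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed csf.conf excerpt
TCP_IN = "21,22,25,80,110,443,993,3306,30001:50011"
TCP_OUT = "22,25,53,80,443"
UDP_IN = "53,123"
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
# Keep list from the post above; 22 stands in for the custom SSH port and
# 30001:50011 is a constructed passive FTP range.
keep="21,22,80,443,30001:50011"
echo "TCP_IN entries not on the keep list:"
csf_extra_ports "$conf" TCP_IN "$keep"
rm -f "$conf"
```

    Pointing `csf_extra_ports` at the real `/etc/csf/csf.conf` with your own keep list shows which open ports to review, while confirming the SSH port is still listed before any change is applied.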
     
  9. eva2000

    Last edited: Dec 13, 2015
  10. eva2000
