
Minimal Firewall Ports?

Discussion in 'System Administration' started by ethanpil, Jan 12, 2016.

  1. ethanpil

    ethanpil Active Member

    The default CSF configuration leaves quite a few ports open.

    Assuming the server functions as a web server only (no email services), couldn't we just stick with these?

    21, 22, 25, 53, 80, 443
    and I assume the 30001:50011 is for PASV FTP?

    Am I missing anything here?
     
  2. ModeltogTossen

    ModeltogTossen I wish I could??

    If you wish to have no email services, then you can strip port 25. The high ports are for sure for PASV, but you can perhaps lower the count of PASV ports. About FTP: some still need to have port 20 open. And 22 has to be replaced with another port for SSH instead of the default if you make some changes on that.
     
  3. eva2000

    eva2000 Administrator Staff Member

    See my reply at https://community.centminmod.com/posts/22176/. There are other ports that are required.

    However, I posted a sticky in the Centmin Mod Insights forum with a full listing at Centmin Mod LEMP stack CSF Firewall default port listing | Centmin Mod Community
     
  4. ethanpil

    ethanpil Active Member

    Thanks. I see that post there, but since I am not running a mail server (only sending mail from PHP) I think we can remove 465, 587, 993, 995.

    That leaves me with the following for 123.09beta01. I think this is the true minimum. And we can even exclude 25 if there is ZERO mail being sent. Maybe this should be in the sticky?
    • TCP = 21, 22, 25, 53, 80, 443, 9418, 30001:50011
    • UDP = 21, 53, 67, 68, 33434:33534
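
An added example, not code from the thread or from Centmin Mod: a check that compares the `TCP_IN` and `UDP_IN` lines of a csf.conf against the minimum list proposed above and reports which entries are open beyond it and how many ports that exposes. The sample config is constructed, and the function names are this example's own.

```python
import re

# Constructed sample in csf.conf syntax (not a real server's config).
SAMPLE_CSF_CONF = '''
# Allow incoming TCP ports
TCP_IN = "21,22,25,53,80,443,465,587,993,995,9418,30001:50011"
# Allow incoming UDP ports
UDP_IN = "21,53,67,68,33434:33534"
'''

# Minimum proposed in the thread for a web-only server.
WANTED = {
    "TCP_IN": "21,22,25,53,80,443,9418,30001:50011",
    "UDP_IN": "21,53,67,68,33434:33534",
}

def parse_ports(spec):
    """Turn '22,80,30001:50011' into a set of (low, high) entries."""
    ranges = set()
    for item in filter(None, (p.strip() for p in spec.split(","))):
        low, _, high = item.partition(":")
        low, high = int(low), int(high or low)
        if not (0 < low <= high <= 65535):
            raise ValueError(f"bad port entry: {item!r}")
        ranges.add((low, high))
    return ranges

def read_setting(conf_text, key):
    """Return the quoted value of KEY = "..." from csf.conf text."""
    m = re.search(rf'^\s*{re.escape(key)}\s*=\s*"([^"]*)"', conf_text, re.M)
    if m is None:
        raise KeyError(key)
    return m.group(1)

def audit(conf_text, wanted=WANTED):
    """Per setting: entries beyond the wanted list, wanted entries missing,
    and total ports exposed (entries are assumed not to overlap)."""
    report = {}
    for key, spec in wanted.items():
        have, want = parse_ports(read_setting(conf_text, key)), parse_ports(spec)
        report[key] = {
            "extra": sorted(have - want),      # compared entry by entry
            "missing": sorted(want - have),
            "ports_open": sum(h - l + 1 for l, h in have),
        }
    return report

if __name__ == "__main__":
    for key, result in audit(SAMPLE_CSF_CONF).items():
        print(key, result)
```

Because entries are compared as written, a narrowed PASV range shows up as one extra and one missing entry rather than as a partial match.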
     
  5. eva2000

    eva2000 Administrator Staff Member
