Minimal Firewall Ports?

Discussion in 'System Administration' started by ethanpil, Jan 12, 2016.

  1. ethanpil

    ethanpil Active Member

    The default CSF configuration leaves quite a few ports open.

    Assuming the server functions as a web server only (no email services), couldn't we just stick with these?

    21, 22, 25, 53, 80, 443
    and I assume the 30001:50011 is for PASV ftp?

    Am I missing anything here?
     
  2. ModeltogTossen

    ModeltogTossen I wish I could??

    If you wish to have no email services, then you can strip port 25. The high ports are for sure for PASV, but you can perhaps lower the count of PASV ports. About FTP: some still need to have port 20 open. And 22 has to be changed to another port for SSH instead of the default if you make some changes on that.
     
  3. eva2000

    eva2000 Administrator Staff Member

    See my reply at https://community.centminmod.com/posts/22176/. There are other ports that are required.

    However, I posted a sticky in the Centmin Mod Insights forum for a full listing at Centmin Mod LEMP stack CSF Firewall default port listing | Centmin Mod Community
     
  4. ethanpil

    ethanpil Active Member

    Thanks. I see that post there, but since I am not running a mail server (only sending mail from PHP) I think we can remove 465, 587, 993, 995.

    That leaves me with the following for 123.09beta01. I think this is the true minimum, and we can even exclude 25 if there is ZERO mail being sent. Maybe this should be in the sticky?
    • TCP = 21, 22, 25, 53, 80, 443, 9418, 30001:50011
    • UDP = 21, 53, 67, 68, 33434:33534
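
An added example (not part of any post in this thread): a Python check that compares the `TCP_IN` and `UDP_IN` lists of a CSF configuration against the minimum proposed in the post above and reports which ports are open beyond it. The sample config text and all function names are constructed for illustration; on a server, pass the contents of `/etc/csf/csf.conf` instead.

```python
import re
# Minimum proposed in the thread for a web-only server (ports from the post above).
WANTED = {
    "TCP_IN": "21,22,25,53,80,443,9418,30001:50011",
    "UDP_IN": "21,53,67,68,33434:33534",
}
# Constructed sample in csf.conf syntax, not a real server's configuration.
SAMPLE_CONF = '''
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,9418,30001:50011"
UDP_IN = "20,21,53,67,68,33434:33534"
'''

def read_setting(conf_text, key):
    m = re.search(rf'^\s*{re.escape(key)}\s*=\s*"([^"]*)"', conf_text, re.M)
    if m is None:
        raise KeyError(key)
    return m.group(1)

def parse_ports(spec):
    # Expand a CSF port list such as "22,80,30001:50011" into a set of ints.
    ports = set()
    for item in filter(None, (s.strip() for s in spec.split(","))):
        lo, _, hi = item.partition(":")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port or range: {item!r}")
        ports.update(range(lo, hi + 1))
    return ports

def collapse(ports):
    # Turn a set of ints back into CSF notation, merging consecutive runs.
    ordered, out, i = sorted(ports), [], 0
    while i < len(ordered):
        j = i
        while j + 1 < len(ordered) and ordered[j + 1] == ordered[j] + 1:
            j += 1
        out.append(str(ordered[i]) if i == j else f"{ordered[i]}:{ordered[j]}")
        i = j + 1
    return ",".join(out)

def audit(conf_text, wanted=WANTED):
    # For each setting: ports open beyond the wanted list, and wanted ports absent.
    report = {}
    for key, spec in wanted.items():
        have, want = parse_ports(read_setting(conf_text, key)), parse_ports(spec)
        report[key] = {"extra": collapse(have - want), "missing": collapse(want - have)}
    return report

print(audit(SAMPLE_CONF))
```

Ports listed under `extra` are candidates to remove from the config; a non-empty `missing` means the config is already tighter than the proposed minimum for that setting.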
     
  5. eva2000

    eva2000 Administrator Staff Member
