Learn about Centmin Mod LEMP Stack today
Become a Member

Master Branch remove ports 111 & 2049 from CSF Firewall whitelist by default

Discussion in 'Centmin Mod Github Commits' started by eva2000, Sep 9, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    29,035
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,784
    Local Time:
    8:42 AM
    Nginx 1.13.x
    MariaDB 5.5
    remove ports 111 & 2049 from CSF Firewall whitelist by default

    remove RPC/portmapper and NFS ports 111 and 2049 from CSF Firewall whitelist by default so that folks who
    only need it can open it up to specific server IP addresses see advance CSF Firewall rules at https://community.centminmod.com/posts/3731/
    examples for allowing 111, 2049 TCP/UDP ports for only source/destination IP = 11.22.33.44 to be added to /etc/csf/csf.allow
    restart of CSF service is required

    tcp|in|d=111|s=11.22.33.44
    tcp|in|d=2049|s=11.22.33.44
    tcp|out|d=111|d=11.22.33.44
    tcp|out|d=2049|d=11.22.33.44
    udp|in|d=111|s=11.22.33.44
    udp|in|d=2049|s=11.22.33.44
    udp|out|d=111|d=11.22.33.44
    udp|out|d=2049|d=11.22.33.44

    only remove ports 111, 2049 from TCP/UDP whitelist if detected NFS package not installed

    On updated Centmin Mod 123.08stable and 123.09beta01 and higher, just running centmin.sh again will auto remove the ports then you either manually restart CSF Firewall or wait for next CSF Firewall daily auto update to trigger the restart

    Continue reading...

    Centmin Mod Github Master branch

    Master branch is where most recent commits are made as at May 24, 2015.