Want more timely Centmin Mod News Updates?
Become a Member

Install Strict Firewall/ Client has hardware firewall default DROP

Discussion in 'Install & Upgrades or Pre-Install Questions' started by EckyBrazzz, Nov 1, 2019.

Tags:
  1. EckyBrazzz

    EckyBrazzz Active Member

    747
    149
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +274
    Local Time:
    4:56 PM
    1.17.x Cluster
    10.3.x Cluster & Redis
    Hi there,

    I need to know the ports for Centmin to keep working correct. Bumped into a situation with a setup that has a hardware firewall with everything as default "DROP" connection. (IN & OUT)

    Now I have quickly setup port 53, 80 (for domains with nothing and changed the default index.html to maintainance.html in the /nginx/html), 443 and a different SSH port with only access to some IP's.

    There are a lot of them in the /etc/csf/csf.conf but should I set all these IPv4 & IPv6??

    They want a secure environment, even without FTP.
     
  2. eva2000

    eva2000 Administrator Staff Member

    42,078
    9,497
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,613
    Local Time:
    4:56 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    • Informative Informative x 1
  3. EckyBrazzz

    EckyBrazzz Active Member

    747
    149
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +274
    Local Time:
    4:56 PM
    1.17.x Cluster
    10.3.x Cluster & Redis
    @eva2000 Thx, did not know that there were so many ports. But will only use several.
     
  4. eva2000

    eva2000 Administrator Staff Member

    42,078
    9,497
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,613
    Local Time:
    4:56 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    The end of post listing isn't all the ports that is used but what ports may be used for services/software too. The mentioned bare number of ports is in the linked post though and close to what Centmin Mod LEMP stack defaults to. Have to weigh up convenient vs know how. Otherwise, if you lock down too many ports, folks who are noobs will just have no idea why software they install post-Centmin Mod install don't work because they haven't configured CSF Firewall for them.