Allowing Ports in CSF via Command Line

cPanel Server Management

What is CSF?

CSF stands for Config server Security And Firewall which is most commonly used in advanced firewall in Linux based servers. CSF is basically used as it simplifies managing your server’s base firewall settings. This CSF is used to detect intrusion or login, for suspicious file reporting, to block excessive connections, for SSH login notifications, for Stateful Packet Inspection (SPI), blocking and permitting IP addresses, and restricting access by port number.

The first thing we need to see if csf is currently running?

To check if CSF is running, type:

Using the Command Line Interface

• Login to the server using the SSH.
• Open the configuration file of the CSF.
• Open the configuration file using any editor.
•  vi /etc/csf/csf.conf (Take a backup of the configuration file before making any changes)
• To open the ports in csf you need to edit the following lines:

# Allow incoming TCP ports

TCP_IN = “20,21,22,25,26,53,80,110,143,443,465,587,993,995”

# Allow outgoing TCP ports

TCP_OUT = “20,21,22,25,26,37,43,53,80,110,113,443,465,873”

•  To allow incoming TCP connection on specific port you need to update the following line:

# Allow incoming TCP ports
TCP_IN = “20,21,22,25,26,53,80,110,143,443,465,587,993,995,2222”

In the above line I added port 2222.

• To allow outgoing TCP connection you need to edit following line:

# Allow outgoing TCP ports
TCP_OUT = “20,21,22,25,26,37,43,53,80,110,113,443,465,873,2222”

Add the port number at the end of the line between the quotes (“”). Use single comma to separate the port numbers. In the above line I added port 2222.

•  Close the file and save all changes. By using (:wq) in vi editor.
• Now restart the csf firewall to reflect the changes. By using csf -r.
•  

Note: Please always make a copy of the configuration file before m

cPanel Server Management