Firewall
What ports do I need to open in my firewall?
A table of all ports and services.
Port | Service Name | Comment |
---|---|---|
20,21 | FTP | FTP will use a "random high port number" if the client is in PORT mode, so you may need to add a port range into your /etc/proftpd.conf file to allow FTP connections, e.g., PassivePorts 35000 35999, and then open that same port range as well in your firewall |
22 | SSH | default port for SSH access |
25,587 | Exim | SMTP for Exim to receive email |
53 | Named | TCP and UDP, so your sites resolve |
80,443 | Apacha/NGINX | Apache or Nginx traffic, HTTP and HTTPS |
110,143,993,995 | Dovecot | client Pop and Imap email access |
2222 | DirectAdmin | Accessing panel |
2703 | Razor | Optional: RAZOR check for SpamAssassin |
3306 | MySQL | You don't need to open this port if you don't want to allow remote MySQL access, as most MySQL scripts are all accessed locally. |
I need a firewall. What are my options?
You should be running a firewall!
The firewalls that come with your system don't usually have the required ports open, nor do they have the ability to automatically block attacking IPs.
Starting from DirectAdmin version 1.61.0 the direct CSF integration were implemented. Strongly recommend using it with Brute Force Monitor, check this howto article.
NOTE
For FTP with TLS, you must explicitly tell iptables to open ports 35000-35999 because ip_conntrack_ftp cannot decrypt the FTP data port, so it can't open it on the fly.
For CSF: http://forum.directadmin.com/showthread.php?t=50759&p=262589#post262589
For block_ip/iptables: http://forum.directadmin.com/showthread.php?t=50759&p=262346#post262346