Opening Ports In Your Firewall

Occasionally you will find that you need to open up a port in your firewall for some application or another. Depending on which firewall is installed on your server, there are several ways to go about this:


Unfortunately, APF can only be configured by accessing the server over ssh, as the root user.

Once in your server, open the following file in your favorite text editor:


Use your editor’s search function to find the following line:

# Common inbound (ingress) TCP ports

Besides this ingress TCP entry, you should also see similar lines for UDP and ICMP ports, and outbound (egress) entries for all three packet types. For the most part, when a program needs a port opened, it needs inbound TCP opened. If you open the port following these article, and you still encounter problems, check to make sure the program does not need outbound TCP opened, or another packet type altogether.

Add the port that your program is requesting by adding the port number to the list. Make sure it is separated from other ports by commas.

After saving and closing out of your text editor, you will need to restart APF. This is as simple as running:

apf -r


Unlike APF, CSF can be configured in Web Host Manager (WHM) as well as over ssh. The ssh instructions are remarkably similar; open up the following file:


and add the port you mean to open to the needed line:

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,26"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873"

CSF then needs to be restarted for the change to take effect:

csf -r

From Within WHM

In WHM, type configserver in the Find bar in the upper left hand corner. Click on ConfigServer Security&Firewall. On that page, click on the Firewall Configuration button:

That page will allow you to edit the exact same file you would if you were accessing it over ssh:

Like with the ssh instructions, add the necessary port to the list, then click Change at the bottom of the page to save your changes. After that is run, you will need to restart csf. Thankfully, the very next screen you will see has a button for that, Restart csf+lfd

BONUS CONTENT: Closing ports

Closing ports in either firewall are as simple as removing the port from the list in the configuration file, and restarting the firewall.

Always remember that if you would like assistance with your server’s firewall, you can always contact the Liquid Web Heroic Support Team, 24/7/365.


Liquid Web’s Heroic Support is always available to assist customers with this or any other issue. If you need our assistance please contact us:
Toll Free 1.800.580.4985
International 517.322.0434

Be Sociable, Share!
Here's $75, Launch a New VPS Today. Find out why 30,000 customers have chosen our Best-in-Class Performance & 24x7 Heroic Support.