Opening Ports In Your Firewall

Posted on by Patrick Hawkins | Updated:
Reading Time: 2 minutes

Occasionally, you will find that you need to open up a port in your firewall for some application or another. Depending on which firewall is installed on your server, there are several ways to go about this:

APF

Unfortunately, APF can only be configured by accessing the server over SSH, as the root user.

Once in your server, open the following file in your favorite text editor:


/etc/apf/conf.apf

Use your editor’s search function to find the following line:

# Common inbound (ingress) TCP ports
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995"

Besides this ingress TCP entry, you should also see similar lines for UDP and ICMP ports, and outbound (egress) entries for all three packet types. For the most part, when a program needs a port opened, it needs inbound TCP opened. If you open the port following these article, and you still encounter problems, check to make sure the program does not need outbound TCP opened, or another packet type altogether.

Add the port that your program is requesting by adding the port number to the list. Make sure it is separated from other ports by commas.

After saving and closing out of your text editor, you will need to restart APF. This is as simple as running:

apf -r

CSF

Unlike APF, CSF can be configured in Web Host Manager (WHM) as well as over SSH. The SSH instructions are remarkably similar; open up the following file:

/etc/csf/csf.conf

and add the port you need to open to the tcp_in or tcp_out line:

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,26"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873"

Once complete, CSF needs to be restarted for the change to take effect:

csf -r

Change CSF Configuration File Within WHM

In WHM, type configserver in the Find bar in the upper left-hand corner. Click on ConfigServer Security&Firewall. On that page, click on the Firewall Configuration button:

csf_WHM_config

That page will allow you to edit the same file you would if you were accessing it over ssh:

csf_WHM_tcp

Like with the ssh instructions, add the necessary port to the list, then click Change at the bottom of the page to save your changes. After that is run, you will need to restart csf. Thankfully, the very next screen you will see has a button for that, Restart csf+lfd

BONUS CONTENT: Closing ports

Closing ports in either firewall are as simple as removing the port from the list in the configuration file, and restarting the firewall.

Always remember that if you would like assistance with your server’s firewall, you can always contact the Liquid Web Heroic Support Team, 24/7/365.

===

Liquid Web’s Heroic Support is always available to assist customers with this or any other issue. If you need our assistance please contact us:
Toll Free 1.800.580.4985
International 517.322.0434
support@liquidweb.com

Avatar for Patrick Hawkins

About the Author: Patrick Hawkins

Patrick Hawkins is a former Test Engineer and Managed WordPress admin with Liquid Web

Latest Articles

Blocking IP or whitelisting IP addresses with UFW

Read Article

CentOS Linux 7 end of life migrations

Read Article

Use ChatGPT to diagnose and resolve server issues

Read Article

What is SDDC VMware?

Read Article

Best authentication practices for email senders

Read Article