How to Open a Port in CSF with WHM/cPanel

The Config Server Firewall offers several advantages over the Advanced Policy Firewall, including more robust protection against Denial of Service, SYN flood and other common attacks.

But one of its most appealing features is its plugin for WebHost Manager that allows you to quickly access firewall settings and common tasks through a graphical interface.

Pre-Flight Check

  • These instructions are intended specifically for opening (and closing) ports in the CSF firewall via WHM.
  • If you want to open or close a port in APF or CSF from the command line over SSH, see http://www.liquidweb.com/kb/opening-ports-in-your-firewall/.
  • If your server currently uses APF but you’d prefer CSF, contact Heroic Support® and request a switch. There is no charge, it typically takes only a few minutes, and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.

Step #1: Open the Firewall Management Page

  1. Once logged in to WHM, you will find the CSF interface under the Plugins section in the left menu.
  2. Click on ConfigServer Security&Firewall or begin typing “firewall” into WHM’s search box at the top left to quickly locate the link.

Step #2: Open Firewall Settings

  1. On the ConfigServer Security & Firewall page, click the Firewall Configuration button to enter advanced settings.

csfeditconfig

Step #3: Manage Ports

    1. On the Firewall Configuration screen, scroll down to the IPv4 Port Settings section.
    2. You will be editing the fields in the Allow incoming TCP ports and Allow outgoing TCP ports sections.

ports2

    • To allow incoming connections to a port, add the number to the TCP_IN = field.
    • To block incoming connections to a port, remove the port number from the TCP_IN = field.
    • To allow outgoing connections from a port, add the port number to the TCP_OUT = field.
    • To block outgoing connections from a port, remove the port number from the TCP_OUT = field.

Step #4: Save Changes and Restart the Firewallrestartcsf

  1. Scroll all the way to the bottom of the Firewall Configuration page and click the Change button to save the settings.
  2. After saving the settings, you will be given the option of restarting the firewall or returning to the settings page to continue editing. Since your changes will not take effect until the firewall is restarted, you will need to click the Restart csf+lfd button to apply the new settings.

Tip: Also Check Storm® Firewall Settings

Storm® Dedicated and VPS customers also have access to a separate Storm® Firewall.

If you are using the Storm® Firewall and have configured it to use advanced settings, you will want to ensure that the ports you’ve changed in WHM also are changed there.

  1. You can access your Storm® Firewall settings from Manage. After clicking on your server name, navigate to the Network section and select the Firewall tab.
  2. If it’s active and using advanced settings, you will need to replicate your port rule in the Storm® Firewall interface to ensure traffic can reach the port.
  3. Find more information and detailed instructions for managing the Storm® Firewall at How to Configure a Storm Firewall.

Find Detailed Information in Our Knowledge Base

To learn how to unblock an IP address via the command line, visit:

 

Be Sociable, Share!
Here's $75, Launch a New VPS Today. Find out why 30,000 customers have chosen our Best-in-Class Performance & 24x7 Heroic Support.