cPanel and WHM act both as installers and managers for many of the services on a system. To operate to their fullest, you need to connect many of these services to an external port. This said, you have to configure your firewall so that cPanel & WHM can open and use the ports these services have to run on.
Keep in mind though, that you do not want attacks on your system to happen, so only open ports that the services you want to use require. Also, to ensure your server does not lock you out or prohibit you from logging back in, make certain you configure your firewall in such a way that it includes a setting enabling you to log back in the server.
Port Security 101
Whenever possible, it is best you utilize each of the service’s appropriate SSL version. The primary reason for this is because using non-SSL services opens up opportunities for attackers and unscrupulous individuals to gain access to, intercept, or even steal sensitive information, such as your login credentials.
Also, prior to opening ports, make sure the services you want to use already have their SSL certificates installed in WHM’s Manage Service SSL Certificates interface.
Important notes on ports
Your system relies on many different ports for various services. However, some services require more attention and care, including the following:
CSF Sample Firewall Configuration
ConfigServer allows WHM users free access and use of the CSF plugin, enabling them to modify iptables rules. This stateful packet inspection (SPI) firewall, also serves as a mechanism for logging in, detecting intrusions, and delivering general Linux-server security.
To make changes to CSF’s configuration, you can simply run it through WHM’s ConfigServer & Firewall interface.
APF Sample Firewall Configuration
APF serves as the iptables application’s frontend, allowing users to either open or close ports without having to rely on the iptables syntax.
Add these two rules to the /etc/apf/conf.apf file so that HTTP/HTTPS can access the system:
CentOS 7, CloudLinux 7, and RHEL 7 Sample Firewall Configuration
When your servers run CentOS 7, CloudLinux 7, or RHEL 7 OS, you need to use the firewalld daemon.