What ports do I need to open in my firewall?
A table of all ports and services.
|20,21||FTP||FTP will use a "random high port number" if the client is in PORT mode, so you may need to add a port range into your |
|22||SSH||default port for SSH access|
|25,587||Exim||SMTP for Exim to receive email|
|53||Named||TCP and UDP, so your sites resolve|
|80,443||Apacha/NGINX||Apache or Nginx traffic, HTTP and HTTPS|
|110,143,993,995||Dovecot||client Pop and Imap email access|
|2703||Razor||Optional: RAZOR check for SpamAssassin|
|3306||MySQL||You don't need to open this port if you don't want to allow remote MySQL access, as most MySQL scripts are all accessed locally.|
I need a firewall. What are my options?
You should be running a firewall!
The firewalls that come with your system don't usually have the required ports open, nor do they have the ability to automatically block attacking IPs.
Starting from DirectAdmin version 1.61.0 the direct CSF integration were implemented. Strongly recommend using it with Brute Force Monitor, check this howto article.
For FTP with TLS, you must explicitly tell iptables to open ports 35000-35999 because ip_conntrack_ftp cannot decrypt the FTP data port, so it can't open it on the fly.
For CSF: http://forum.directadmin.com/showthread.php?t=50759&p=262589#post262589
For block_ip/iptables: http://forum.directadmin.com/showthread.php?t=50759&p=262346#post262346