cPanel & WHM installs and manages many different services on your system. Most of these services require an external connection in order to function properly. Because of this, your firewall must allow cPanel & WHM to open the ports on which these services run. This document lists the ports that cPanel & WHM uses, and which services use each of these ports, to allow you to better configure your firewall.
We strongly recommend that you use the SSL version of each service whenever possible.
We recommend that you use SFTP via SSH, because it is more secure than FTP.
|SMTP||cPanel & WHM only uses this port if you specify it in WHM's Service Manager interface (Home >> Service Configuration >> Service Manager).|
|cPanel & WHM only uses this port if you run a public DNS server.|
|WHM's Manage AutoSSL feature (Home >> SSL/TLS >> Manage AutoSSL) requires outbound access to the |
|Razor||Razor is a collaborative spam-tracking database. For more information, visit the Razor website.|
|WebDAV||cPanel's Web Disk interface (Home >> Files >> Web Disk) uses this port.|
|WebDAV SSL||cPanel's Web Disk interface (Home >> Files >> Web Disk) uses this port.|
|CalDAV and CardDAV||cPanel's interface (Home >> Email >> Calendars and Contacts) uses this port.|
|CalDAV and CardDAV (SSL)||cPanel's interface (Home >> Email >> Calendars and Contacts) uses this port.|
You must open this port in order to contact the cPanel license servers.
|MySQL®||MySQL uses this port for remote database connections.|
|DCC||For more information, read Apache's DCC and NetTestFirewallIssues documentation.|
|Pyzor||For more information, read Apache's Pyzor and NetTestFirewallIssues documentation.|
The following examples illustrate how to add rules with CSF, APF, and the
ConfigServer provides the free WHM plugin CSF, which allows you to modify your
iptables rules within WHM. It is a stateful packet inspection (SPI) firewall, login, and intrusion detection mechanism, and general security application for Linux servers.
To install CSF, run the following commands as the
To configure CSF, use WHM's ConfigServer & Firewall interface (Home >> Plugins >> ConfigServer & Firewall).
For more information about how to install and use CSF, visit the CSF website.
APF acts as a frontend for the
iptables application, and allows you to open or close ports without the use of the
iptables syntax. For more information, read the APF site.
The following example includes two rules to add to the
/etc/apf/conf.apf file to allow HTTP and HTTPS access to your system:
While CSF and APF are easy to use, the
iptables application offers more customization options for your packet filtering rules. The
iptables application requires that you understand the TCP/IP stack. For more information, visit the iptables site or run the
man iptables command from the command line.
The following example includes
iptables rules for HTTP traffic on port
This example assumes that you have a DMZ set up on
192.168.1.1 and a broadcast IP address of
Servers that run the CentOS 7, CloudLinux 7, and RHEL 7 operating systems require that you use the
iptablescommand for temporary firewall rules, we recommend that you only use the
firewallutilities on CentOS 7, CloudLinux 7, and RHEL 7 servers.
firewallutilities and the
firewallddaemon, read Red Hat's Using Firewalls documentation.
cPanel & WHM version 11.50 and later also includes the
cpanel service, which manages all of the rules in the
/etc/firewalld/services/cpanel.xml file. This allows TCP access for the server's ports.
To add these rules automatically, perform the following steps:
yum install firewalldcommand to ensure that your system has
systemctl start firewalld.servicecommand to start the
There is no content with the specified labels