cPanel Ports & Firewall Configuration

Today we will show you what the cPanel ports are and how to configure your firewall so that all your control-panel-based web services work normally.
These system ports are used by many important parts of your web hosting service, such as email, named, MySQL, and HTTP, among others.

This mini knowledge base is part of our main cPanel hosting articles. In it you will also learn how to configure your cPanel email ports, as well as the general cPanel ports, on RHEL, CentOS and CloudLinux servers running the CSF and APF firewalls. Let’s start with the fun stuff by listing the default open cPanel ports.

List of cPanel Ports

A cPanel (control panel) & WHM (webhost manager) installation comes with a lot of services installed by default. It’s up to you, your system administrator or your web hosting company to review and uninstall all the software you won’t use, as more active services mean more system resources devoted to those services, and more services that can be exploited through attacks.

Port    Service
20      FTP alternative port & transfer protocol
21      FTP (file transfer protocol)
22      SSH Port (Secure Shell)
25      SMTP
26      SMTP alternative port
37      rdate daemon
43      whois server
53      BIND dns server
80      http server
110     POP3 daemon
113     ident
143     IMAP email port
443     https (http over SSL for ssl certificates)
465     SMTP, Secure SSL/TLS port
579     cPHulk security tool
783     SpamAssassin™ daemon
873     rsync daemon
993     IMAP over SSL
995     POP3 over SSL
2077    WebDAV service
2078    WebDAV service over SSL
2079    CalDAV and CardDAV
2080    CalDAV and CardDAV over SSL
2082    cPanel login port
2083    cPanel login over SSL
2086    WHM (webhost manager) login
2087    WHM login over SSL
2089    cPanel License Check
2095    Webmail
2096    Webmail over SSL
3306    MySQL

Firewall Configuration

Please review these steps carefully to avoid locking yourself out of your server. Make sure you whitelist your public internet connection IP before applying the definitive firewall rules. Never close your Linux terminal (command line), and always keep your shell access to your server open while configuring and testing your firewall setup.

This firewall can only be set up if you have direct root access on a dedicated server or cloud VPS as your hosting environment. On shared and reseller hosting plans (Joomla hosting, WordPress web hosting, Magento hosting, etc.) it probably won’t be useful, as they don’t offer root access to your server.

ConfigServer has built a great firewall called CSF. It provides a fully customizable shell and WHM firewall management interface, which allows you to edit, restart, stop and start your iptables rules easily. But to be honest, it is more than a simple iptables firewall: it’s a full packet inspection firewall, an intrusion detection system, and also a Linux server security application.

Install CSF Firewall

wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf && ./install.cpanel.sh

Go to WHM >> Plugins >> ConfigServer & Firewall

[Screenshot: cPanel ports firewall configuration using the WHM CSF interface]

Very important: while you test your firewall settings, you must keep TESTING = "1". That way, if you get blocked from your own server because you haven’t properly configured the ports in the firewall, you can log in again within a few minutes, after the CSF cron job clears the iptables rules.

# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. incase you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
#
# lfd will not start while this is enabled
TESTING = "1"

The port variables are as you see below:

# Allow incoming TCP ports
TCP_IN = "22,25,26,53,80,110,143,443,465,587,993,995,2077,2078"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,26,37,43,53,80,110,113,443,587,873,993,995,2086,2087,2089,2703"

# Allow incoming UDP ports
UDP_IN = "53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,873,6277"

This is a basic cPanel port firewall config. You should explore the CSF documentation to configure your firewall properly, as it involves many more options to secure and harden your server ports as well as incoming and outgoing connections. You can also check out our full CSF Firewall installation guide for cPanel servers, in case you have any doubt about how to open a port in CSF.

Configuring Ports on APF Firewall

APF Firewall is an alternative to CSF Firewall. It was around even before CSF, and it’s a front-end service for the netfilter/iptables firewall. Like CSF, it’s not only a firewall management solution but a server security suite.

Install APF Firewall

wget http://www.rfxn.com/downloads/apf-current.tar.gz
tar -xvpzf apf-current.tar.gz
cd apf-*
sh ./install.sh

Now that your APF Firewall is installed, let’s configure it.

nano -w /etc/apf/conf.apf

Search for the ‘DEVEL_MODE’ variable and make sure it’s set to 1 until you are satisfied with your firewall settings.

# !!! Do not leave set to (1) !!!
# When set to enabled; 5 minute cronjob is set to stop the firewall. Set
# this off (0) when firewall is determined to be operating as desired.
DEVEL_MODE="1"

Now let’s configure the ports needed on TCP and UDP variables:

# Configure inbound (ingress) accepted services. This is an optional
# feature; services and customized entries may be made directly to an ip's
# virtual net file located in the vnet/ directory. Format is comma separated
# and underscore separator for ranges.
#

# Common inbound (ingress) TCP ports
IG_TCP_CPORTS="22,25,26,53,80,110,143,443,465,587,993,995,2077,2078"

# Common inbound (ingress) UDP ports
IG_UDP_CPORTS="53"

# Outbound (egress) filtering
EGF="1"

# Common outbound (egress) TCP ports
EG_TCP_CPORTS="20,21,22,25,26,37,43,53,80,110,113,443,587,873,993,995,2086,2087,2089,2703"

# Common outbound (egress) UDP ports
EG_UDP_CPORTS="20,21,53,113,873,6277"

Once ready, restart APF to apply the changes:

service apf restart

This is just a basic APF firewall configuration. You should read the APF documentation and carefully review and re-configure your iptables firewall to match your own needs.
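Before turning off TESTING or DEVEL_MODE, it helps to confirm that every port you rely on is actually in the inbound list. The script below is an added example, not part of the original article or of CSF/APF: it reads TCP_IN (CSF) and IG_TCP_CPORTS (APF) and reports which of the control panel and webmail login ports from the port table above are not allowed inbound. The function names are hypothetical, and the sample config is constructed from the values shown in this article.

```bash
#!/usr/bin/env bash
# Added example: list ports that a CSF/APF inbound TCP allow-list leaves closed.

# Constructed sample input: the inbound lists as shown in the article.
SAMPLE_CONF='TCP_IN = "22,25,26,53,80,110,143,443,465,587,993,995,2077,2078"
IG_TCP_CPORTS="22,25,26,53,80,110,143,443,465,587,993,995,2077,2078"'

# get_ports VAR: print the quoted value of VAR from config text on stdin.
# Accepts both `VAR = "..."` (csf.conf) and `VAR="..."` (conf.apf); skips comments.
get_ports() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# port_allowed PORT LIST: succeed if PORT is covered by the comma-separated LIST.
# Ranges are written lo:hi in CSF and lo_hi in APF; both forms are accepted.
port_allowed() {
    local port="$1" entry lo hi
    local IFS=','
    for entry in $2; do
        case $entry in
            *[_:]*) lo=${entry%%[_:]*}; hi=${entry##*[_:]}
                    [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] && return 0 ;;
            *)      [ "$port" = "$entry" ] && return 0 ;;
        esac
    done
    return 1
}

# missing_ports LIST PORT...: print the wanted ports that LIST does not allow.
missing_ports() {
    local list="$1" p out=""
    shift
    for p in "$@"; do
        port_allowed "$p" "$list" || out="$out $p"
    done
    echo "${out# }"
}

# cPanel, WHM and webmail login ports taken from the article's port table.
PANEL_PORTS="2082 2083 2086 2087 2095 2096"

csf_in=$(printf '%s\n' "$SAMPLE_CONF" | get_ports TCP_IN)
apf_in=$(printf '%s\n' "$SAMPLE_CONF" | get_ports IG_TCP_CPORTS)
echo "CSF TCP_IN does not allow: $(missing_ports "$csf_in" $PANEL_PORTS)"
echo "APF IG_TCP_CPORTS does not allow: $(missing_ports "$apf_in" $PANEL_PORTS)"
```

On a real server, feed the functions from /etc/csf/csf.conf or /etc/apf/conf.apf instead of the sample text, and replace PANEL_PORTS with the ports your own services need.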

Conclusion

As we’ve seen in this post, both the CSF and APF firewalls offer a solid solution for iptables rules and server security management. However, we always recommend CSF as the first choice, as it’s updated more often than APF Firewall and it’s a firewall that was built for the cPanel platform.

About the Author: Santiago Borges

Experienced Sr. Linux SysAdmin and Web Technologist, passionate about building tools, automating processes, fixing server issues, troubleshooting, securing and optimizing high traffic websites.