With CWP you can configure the CSF/LFD firewall using the CSF Firewall module.
In CWP.admin go to: Left-Menu --> Security --> CSF Firewall
Here you can whitelist, block or unblock IPs.
For additional configuration, click the Firewall Configuration button; there you can check or edit the CSF firewall configuration.
** Don't forget to restart the firewall after you have made configuration changes!
CSF Firewall Open Ports
Open ports are listed as TCP_IN, TCP_OUT, UDP_IN and UDP_OUT
If you need to open a range of ports, for example from 30000 to 50000, you can do that simply by setting: 30000:50000.
Example configuration
# Allow incoming TCP ports
TCP_IN = "20,21,29950,25,53,80,110,143,443,465,587,993,995,2030,2031,30000:50000"

# Allow outgoing TCP ports
TCP_OUT = "20,21,29950,25,53,80,110,113,443,2030,2031,30000:50000,993,995"

# Allow incoming UDP ports
UDP_IN = "20,21,53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123"

# Allow incoming PING
ICMP_IN = "1"
How to stop LFD process alerts/notifications
Example alert: Excessive resource usage
Executable: /usr/local/bin/php-cgi
Command Line: /usr/local/bin/php-cgi /home/USERNAME/public_html/index.php
PID: 23323 (Parent PID:22635)
Killed: No
You can whitelist them in your firewall, so that LFD process tracking ignores that executable, by adding the following line to the file /etc/csf/csf.pignore:
exe:/usr/local/bin/php-cgi
Then restart lfd: service lfd restart
Recommended CSF/LFD Configuration for CWP
Configuration file: /etc/csf/csf.conf
LF_SSHD = "7"
LF_SSHD_PERM = "1"
LF_FTPD = "7"
LF_FTPD_PERM = "1"
LF_POP3D = "7"
LF_POP3D_PERM = "1"
LF_IMAPD = "7"
LF_IMAPD_PERM = "1"
LF_SMTPAUTH = "7"
LF_SMTPAUTH_PERM = "1"
LF_HTACCESS = "7"
LF_HTACCESS_PERM = "1"
LF_MODSEC = "7"
LF_MODSEC_PERM = "1"

Log paths:

HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"
SSHD_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/messages"
POP3D_LOG = "/var/log/dovecot-info.log"
IMAPD_LOG = "/var/log/dovecot-info.log"
SMTPAUTH_LOG = "/var/log/maillog"
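Custom regex for mod_security, in the file /etc/csf/regex.custom.pm:

#mod_security
if (($config{LF_MODSEC}) and ($globlogs{MODSEC_LOG}{$lgfile}) and ($line =~ /^\[\S+ \S+ \S+ \S+ \S+\] \[(\w*)?:error\] (\[pid \d+(:tid \d+)\]) \[client \S+:\S+\] \[client (\S+)\] ModSecurity:(( \[[^\]]+\])*)? Access denied/)) {
	# Capture group 4 is the client IP from the second [client ...] field
	my $ip = $4;
	# Strip the IPv4-mapped IPv6 prefix
	$ip =~ s/^::ffff://;
	# Strip a trailing :port from an IPv4 address
	if (split(/:/,$ip) == 2) {$ip =~ s/:\d+$//}
	# Pick up the ModSecurity rule id for the block message
	my $ruleid = "unknown";
	if ($line =~ /\[id "(\d+)"\]/) {$ruleid = $1}
	# Return: message, IP, unique identifier, trigger level, ports to block, 1 = permanent block
	if (checkip(\$ip)) {return ("mod_security (id:$ruleid) triggered by","$ip","mod_security-custom","4","80,443","1")} else {return}
}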
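The custom rule above only blocks anything if its pattern matches the exact layout of your Apache error_log, so it is worth running the same pattern offline against sample lines first. The script below is an added example, not part of the CWP documentation or the csf code; the helper name parse_modsec_line and all log lines are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: offline check of the ModSecurity pattern from regex.custom.pm.
use strict;
use warnings;

# Same pattern as the custom rule; capture group 4 is the client IP.
my $modsec_re = qr/^\[\S+ \S+ \S+ \S+ \S+\] \[(\w*)?:error\] (\[pid \d+(:tid \d+)\]) \[client \S+:\S+\] \[client (\S+)\] ModSecurity:(( \[[^\]]+\])*)? Access denied/;

# Hypothetical helper: returns (ip, ruleid) for a line the rule would act on,
# or an empty list for a line the rule would ignore.
sub parse_modsec_line {
    my ($line) = @_;
    return unless $line =~ $modsec_re;
    my $ip = $4;
    $ip =~ s/^::ffff://;                  # IPv4-mapped IPv6 -> plain IPv4
    my @parts = split(/:/, $ip);
    $ip =~ s/:\d+$// if @parts == 2;      # strip a trailing :port from IPv4
    my $ruleid = "unknown";
    if ($line =~ /\[id "(\d+)"\]/) { $ruleid = $1 }
    return ($ip, $ruleid);
}

# Constructed sample lines (documentation address ranges, made-up rule ids).
my @samples = (
    # Denied request, plain IPv4 client: should match.
    '[Wed Mar 06 12:00:00.123456 2024] [:error] [pid 1234:tid 139900000000000] [client 203.0.113.7:54321] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [file "/path/to/rules.conf"] [id "900001"] [msg "constructed"] [uri "/index.php"]',
    # Denied request, IPv4-mapped IPv6 client: should match, prefix stripped.
    '[Wed Mar 06 12:00:01.000001 2024] [security2:error] [pid 1234:tid 139900000000001] [client ::ffff:198.51.100.9:40000] [client ::ffff:198.51.100.9] ModSecurity: Access denied with code 403 (phase 2). [id "900002"]',
    # No ":tid" in the pid field: the pattern requires it, so no match.
    '[Wed Mar 06 12:00:02.000002 2024] [:error] [pid 1234] [client 203.0.113.7:54322] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [id "900001"]',
    # Warning only, request not denied: no match.
    '[Wed Mar 06 12:00:03.000003 2024] [:error] [pid 1234:tid 139900000000002] [client 203.0.113.7:54323] [client 203.0.113.7] ModSecurity: Warning. Pattern match at ARGS:q. [id "900003"]',
);

for my $line (@samples) {
    my ($ip, $ruleid) = parse_modsec_line($line);
    if (defined $ip) {
        print "MATCH    ip=$ip rule=$ruleid\n";
    } else {
        print "NO MATCH ", substr($line, 0, 70), "...\n";
    }
}
```

Replace the constructed lines with a few real "Access denied" entries from your MODSEC_LOG; if they print NO MATCH, LFD will never count them toward LF_MODSEC.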