Bypass external firewall for cPanel VPS?

Portal Home > Knowledgebase > Articles Database > Bypass external firewall for cPanel VPS?

Posted by NeilAgg, 12-15-2009, 01:39 AM
Hello: I am wondering if people that subscribe to a cPanel VPS service would want the external firewall disabled for their VPS or would they want it set to restrict connections? What do typical hosting companies set their firewalls to do? Thanks, Neil
Posted by BTCentral - Ben, 12-15-2009, 04:36 AM
You will find this really does vary from provider to provider. For example, some providers I have used had no (noticeable) firewall what so ever, and left it completely up to the clients to configure. Others had various firewall rules pre-setup (as in via iptables) when you deployed an operating system image. I've not actually noticed any providers I've used doing pro-active filtering with a hardware firewall though.
Posted by webcertain, 12-15-2009, 05:48 AM
we've bought around 25 vps servers over the last year and only ever about 3 of those came with an external firewall on. from the providers pov i'd say it makes sense, as there's less risk to them if only common ports are open.
Posted by gregm11, 12-15-2009, 09:31 AM
If you are running cpanel without firewall then CSF firewall is recommended. CSF is a good software based firewall and pretty easy to configure. I would check with your host, and if they do have a firewall make sure the ports are open for you, for example ports 2087,2083,80,21,25, and 110
Posted by NeilAgg, 12-15-2009, 12:32 PM
Thanks fore the info. I guess the important question is: What do the customers want? Do they see an external firewall as an added value or as a detriment? We would like to protect the servers as much as possible but it seems customers do not care about security until *after* they get hacked. And then, they blame the hosting company even though we are doing exactly what they tell us to do.
Posted by DigitalLinx, 12-15-2009, 01:49 PM
IMO deploying an external firewall would limit the usage of the service. What if the customer wants to run a service which requires binding/listening on a non standard port, that's just one extra unneeded ticket. ddos appliance yes, firewall which blocks ports system wide would just cause problems.
Posted by UH-Bobby, 12-15-2009, 01:52 PM
I agree. It should be the under the customer's control for this.