Allowing Ports in APF

Allow Ports in APF Hero Image

One of the most important aspects of server security is the firewall server configuration. Generally speaking, firewalls function by preventing unauthorized traffic from accessing your server. By default, APF (Advanced Policy Firewall) blocks most ports except those needed for web servers to operate, such as port 80, 443, etc. Occasionally, you may need to open ports for specific software operations. Unfortunately, as there is no default way to modify APF within WHM, you can only add IP addresses to the firewall’s whitelist via the command-line interface. In this article, we will outline the process of allowing specific ports in APF.

Allow Access to a Specific Port from all IPs

  1. First, log into your Dedicated Server via SSH as the root user.
     
  2. Next, edit the following file with a text editor. In the below example, we will be using vim.
    vim /etc/apf/conf.apf
  3. Once you are editing the file, search for the term ingress. Within the conf.apf file you should find common inbound TCP ports.
  4. Next, add the port you wish to open by adding it to the comma separated list as shown below:
    IG_TCP_CPORTS="20,21,25,53,80,110,143,443,465,587,993,995,2079,
    2080,2082,2083,2086,2087,2095,2096,3306,9091,30000_35000"
  5. Once done, save the file.
     
  6. Finally, save the new APF settings by running the following command.
    apf -r
  7. If you look through the output you should see the following line:
    apf(11760): {glob} opening inbound tcp port 9091 on 0/0

Congratulations, now you know how to allow ports in APF via the command line! Using this process, you can open up specific ports to facilitate the usage of various applications that do not rely on the standard default ports. When modifying your firewall, it is important to ensure that you are only accepting legitimate traffic. By paying attention to the security requirements of the software you’re using you can ensure that your APF setup is configured correctly.

Need more help with APF? Familiarize yourself with some basic APF commands!

AK
Alyssa Kordek Content Writer I

Alyssa started working for InMotion Hosting in 2015 as a member of the Technical Support team. Before being promoted to Technical Writer, Alyssa developed expertise in the fields of server hardware, Linux operating systems, cPanel, and WordPress. She now works to produce quality technical content featuring cutting-edge topics such as machine learning, data center infrastructure, and graphics card technology.

More Articles by Alyssa

Was this article helpful? Let us know!