Allowing Ports in APF


One of the most important aspects of server security is the firewall configuration. Generally speaking, a firewall works by preventing unauthorized traffic from reaching your server. By default, APF (Advanced Policy Firewall) blocks most ports except those needed for web servers to operate, such as ports 80 and 443. Occasionally, you may need to open additional ports for specific software. Unfortunately, as there is no default way to modify APF within WHM, you can only add IP addresses to the firewall’s whitelist via the command-line interface. In this article, we will outline the process of allowing specific ports in APF.

Allow Access to a Specific Port from all IPs

  1. First, log into your Dedicated Server via SSH as the root user.
     
  2. Next, open the following file in a text editor. In the example below, we use vim.
    vim /etc/apf/conf.apf
  3. Once you are editing the file, search for the term ingress. Within the conf.apf file you should find the list of common inbound TCP ports, IG_TCP_CPORTS.
  4. Next, add the port you wish to open to the comma-separated list, keeping the whole value on a single line. In the example below, port 9091 has been added:
    IG_TCP_CPORTS="20,21,25,53,80,110,143,443,465,587,993,995,2079,2080,2082,2083,2086,2087,2095,2096,3306,9091,30000_35000"
  5. Once done, save the file.
     
  6. Finally, apply the new APF settings by restarting the firewall with the following command.
    apf -r
  7. If you look through the output, you should see a line like the following for the port you added:
    apf(11760): {glob} opening inbound tcp port 9091 on 0/0
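
Steps 2 through 5 can also be scripted. The following is an added example, not part of the original article or of APF itself: the function names are hypothetical, and it assumes IG_TCP_CPORTS sits on a single line and that an entry such as 30000_35000 is a port range. It validates the port, skips the edit if the port is already listed or covered by a range, and keeps a backup of the file.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not shipped with APF).
# Usage as root: apf_add_port /etc/apf/conf.apf 9091 && apf -r

# apf_ports FILE: print the current value of IG_TCP_CPORTS
apf_ports() {
    sed -n 's/^IG_TCP_CPORTS="\([^"]*\)".*$/\1/p' "$1" | head -n 1
}

# apf_port_listed FILE PORT: succeed if PORT is listed or inside a lo_hi range
apf_port_listed() {
    for entry in $(apf_ports "$1" | tr ',' ' '); do
        case "$entry" in
            *_*) lo=${entry%_*}; hi=${entry#*_}
                 [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ] && return 0 ;;
            *)   [ "$entry" = "$2" ] && return 0 ;;
        esac
    done
    return 1
}

# apf_add_port FILE PORT: 0 = added or already open, 2 = bad port,
# 3 = IG_TCP_CPORTS missing or not on one line
apf_add_port() {
    conf=$1 port=$2
    # Reject anything that is not a plain number between 1 and 65535
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    if ! grep -q '^IG_TCP_CPORTS="[^"]*"' "$conf"; then
        echo "IG_TCP_CPORTS not found on a single line in $conf" >&2; return 3
    fi
    if apf_port_listed "$conf" "$port"; then
        echo "port $port is already allowed; nothing to do"; return 0
    fi
    cur=$(apf_ports "$conf")
    new=${cur:+$cur,}$port                 # no leading comma if list was empty
    cp -p "$conf" "$conf.bak" || return 1  # keep a copy to roll back to
    sed "s/^IG_TCP_CPORTS=\"[^\"]*\"/IG_TCP_CPORTS=\"$new\"/" "$conf.bak" > "$conf"
}
```

The change only takes effect after the restart in step 6; to roll back, restore the .bak copy and restart APF again.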

Congratulations, now you know how to allow ports in APF via the command line! Using this process, you can open specific ports for applications that do not use the standard default ports. When modifying your firewall, it is important to ensure that you are only accepting legitimate traffic. By paying attention to the security requirements of the software you’re using, you can ensure that your APF setup is configured correctly.

Need more help with APF? Familiarize yourself with some basic APF commands!

2 Comments

    • Sorry to hear that, Sabrina. Could you please provide more information on exactly what you’re trying to do and what error you are receiving so that we can suggest a fix?
