Description
Using a firewall with WHM/cPanel can be confusing and complicated as WHM doesn’t ship with a firewall by default.
The two mainstream Linux distributions, namely CentOS/Redhat and Ubuntu/Debian, also have differing recommended firewall technologies.
CSF & iptables & firewalld
The most popular firewall management utility for WHM appears to beCSF.
The firewall installed on your server will typically be either iptables or firewalld.
You cannot use both iptables and firewalld, and thus have to choose one or the other.
To determine if you’re using iptables or firewalld, issue the following commands:
service firewalld status
or
iptables -L
iptables is the original tried and tested technology, whereas firewalld seems to be somewhat simpler to understand.
Our recommendation is to install CSF on your WHM server to manage the firewall.
Here are instructions to install CSF taken from the cPanel documentation:
cd /usr/src rm -fv csf.tgz wget https://download.configserver.com/csf.tgz tar -xzf csf.tgz cd csf && ./install.sh
Important note for CentOS 7, CloudLinux 7, and RHEL 7 users
The cPanel documentation has the following note:
Important:
We recommend that you only use the firewall utilities on CentOS 7, CloudLinux 7, and RHEL 7 servers.
Note the ambiguity with the word 'firewall' above making it very unclear as it could be referencing firewalld as well.
In our experience CSF will use iptables if it’s available on a CentOS 7 installation.
Please a comment below or contact us should you require assistance with your WHM and firewall setup.
References
How to Configure Your Firewall for cPanel Services
https://en.wikipedia.org/wiki/Iptables
https://www.unixmen.com/iptables-vs-firewalld/
https://forums.cpanel.net/threads/how-to-enable-firewall-in-whm.120205/
https://www.liquidweb.com/kb/how-to-manage-the-csf-firewall-in-whmcpanel/
https://computingforgeeks.com/configure-cpanel-firewalld-on-centos-7/
https://forums.cpanel.net/threads/firewalld-setup-questions.603739/