ConfigServer Security & Firewall in WHMSometimes, it’s confusing which server ports should be open when setting up a server. Hopefully, this introduction to the ports that I generally keep open on a WHM/cPanel server running web, database, email, etc. services will help. Within WHM/cPanel I use the ConfigServer Security & Firewall script to manage my firewall port access and server security.

Do keep in mind to only have the ports open that you need. If you’re not needing or running a particular service, turn off that service and disable the port.

Tired of managing this yourself? Let Axelerant DevOps Takeover

Incoming TCP Ports

PortTCPUDPDescriptionStatus
20TCPUDPFTP—data transferOfficial
21TCPUDPFTP—control (command)Official
22TCPUDPSecure Shell (SSH)—used for secure logins, file transfers (scp, sftp) and port forwardingOfficial
25TCPSimple Mail Transfer Protocol (SMTP)—used for e-mail routing between mail serversOfficial
26TCPUDPUnassigned, often used as alternate SMTPOfficial
53TCPUDPDomain Name System (DNS)Official
80TCPUDPHypertext Transfer Protocol (HTTP)Official
110TCPPost Office Protocol v3 (POP3)Official
143TCPInternet Message Access Protocol (IMAP)—management of email messagesOfficial
443TCPHTTPS (Hypertext Transfer Protocol over SSL/TLS)Official
465TCPSMTP over SSLUnofficial
953TCPUDPDomain Name System (DNS) RNDC ServiceUnofficial
993TCPInternet Message Access Protocol over SSL (IMAPS)Official
995TCPPost Office Protocol 3 over TLS/SSL (POP3S)Official
2077TCPWebdiskUnofficial
2078TCPWebdisk SSLUnofficial
2082TCPCPanel defaultUnofficial
2083TCPCPanel default SSLUnofficial
2086TCPWebHost Manager defaultUnofficial
2087TCPWebHost Manager default SSLUnofficial
2095TCPCPanel default Web mailUnofficial
2096TCPCPanel default SSL Web mailUnofficial
30000:35000TCPNeeded pure-ftpd enabled PASVUnofficial

Outgoing TCP Ports

PortTCPUDPDescriptionStatus
20TCPUDPFTP—data transferOfficial
21TCPUDPFTP—control (command)Official
22TCPUDPSecure Shell (SSH)—used for secure logins, file transfers (scp, sftp) and port forwardingOfficial
25TCPSimple Mail Transfer Protocol (SMTP)—used for e-mail routing between mail serversOfficial
37TCPUDPTIME protocolOfficial
43TCPWHOIS protocolOfficial
53TCPUDPDomain Name System (DNS)Official
80TCPUDPHypertext Transfer Protocol (HTTP)Official
110TCPPost Office Protocol v3 (POP3)Official
113TCPUDPident—Authentication Service/Identification Protocol, used by IRC servers to identify usersOfficial
143TCPInternet Message Access Protocol (IMAP)—management of email messagesOfficial
443TCPHTTPS (Hypertext Transfer Protocol over SSL/TLS)Official
587TCPe-mail message submission (SMTP)Official
873TCPUDPrsync file synchronisation protocolOfficial USA only
995TCPPost Office Protocol 3 over TLS/SSL (POP3S)Official
2087TCPWebHost Manager default SSLUnofficial
2089TCPcPanel License UpdateUnofficial
2703TCP2703 Razor email scanningUnofficial

Incoming UDP Ports

PortTCPUDPDescriptionStatus
20TCPUDPFTP—data transferOfficial
21TCPUDPFTP—control (command)Official
53TCPUDPDomain Name System (DNS)Official

Outgoing UDP Ports

PortTCPUDPDescriptionStatus
20TCPUDPFTP—data transferOfficial
21TCPUDPFTP—control (command)Official
53TCPUDPDomain Name System (DNS)Official
113TCPUDPident—Authentication Service/Identification Protocol, used by IRC servers to identify usersOfficial
123UDPNetwork Time Protocol (NTP)—used for time synchronizationOfficial
873TCPUDPrsync file synchronization protocolOfficial USA only
6277UDPDistributed Checksum Clearinghouses (anti-spam)Unofficial

Firewall Security Level in WHMIf you’re just starting out, I highly recommend using the Medium pre-configured setting in ConfigServer Security & Firewall. You’ll stop much of the potential pains in being a server administrator while you learn more about adjusting it to your specific needs.

Port details referenced from List of TCP and UDP port numbers on Wikipedia.

Got DevOps?