A Tutorial To Build A Debian 11 Web Site Hosting Server Using Apache, BIND, Dovecot, MariaDB, PureFTPd and ISPConfig - Page: 5
By: Edward Kimmel
Secure Your Server Using Firewalld
4.01 Overview
The Debian firewall (firewalld) is not installed automatically when you install the OS on your computer. You must install the required packages from the default repositories. ISPConfig does contain a version of the Bastille firewall, but I personally would rather use the firewalld daemon.
4.02 Install Debian Firewalld
To install the Debian 11 firewall (firewalld), run the following command:
apt install -y firewalld
4.03 Open Used Ports In Debian Firewalld
Now configure the firewall (firewalld).
By default, the firewall allows SSH so that remote users can connect. If you have changed the SSH port, however, you need to allow SSH access on the new port. To do this, run the following command, which opens port 2232:
firewall-cmd --permanent --add-port=2232/tcp
As the following commands show, you can also grant access by service name, such as mysql, ftp, dns, http or https:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-service=mysql
firewall-cmd --permanent --add-service=ftp
firewall-cmd --permanent --add-service=dns
As in the previous example, you can open your mail server ports with the following commands:
Open SMTP Port 25:
firewall-cmd --permanent --add-port=25/tcp
Open SMTP Port 587:
firewall-cmd --permanent --add-port=587/tcp
Open SMTP Secure Port 465:
firewall-cmd --permanent --add-port=465/tcp
Open POP Port 110:
firewall-cmd --permanent --add-port=110/tcp
Open POPS Port 995:
firewall-cmd --permanent --add-port=995/tcp
Open IMAP Port 143:
firewall-cmd --permanent --add-port=143/tcp
Open IMAPS Port 993:
firewall-cmd --permanent --add-port=993/tcp
Open Cockpit port:
firewall-cmd --permanent --add-port=9090/tcp
Now reload the firewall to activate the changes you made:
firewall-cmd --reload
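To confirm that the reload left the zone in the state section 4.03 intends, the following added example (not part of the original tutorial) compares a firewall-cmd --list-all listing with the services and ports opened above. The sample listing is constructed, the function names are hypothetical, and treating ssh and dhcpv6-client as services the zone already allowed is an assumption.

```bash
#!/usr/bin/env bash
# Added example: compare a zone listing with the rules opened in section 4.03.

EXPECTED_SERVICES="http https mysql ftp dns"
EXPECTED_PORTS="2232/tcp 25/tcp 587/tcp 465/tcp 110/tcp 995/tcp 143/tcp 993/tcp 9090/tcp"
# Assumption: services the zone already allowed before any changes were made.
DEFAULT_SERVICES="ssh dhcpv6-client"

# Constructed sample in the layout of `firewall-cmd --list-all` (not from a real host).
# 993/tcp is left out and telnet is added so the audit has something to report.
SAMPLE_LIST_ALL='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client dns ftp http https mysql ssh telnet
  ports: 2232/tcp 25/tcp 587/tcp 465/tcp 110/tcp 995/tcp 143/tcp 9090/tcp
  forward-ports: 
  source-ports: '

# zone_field NAME TEXT: print the value list of the "  NAME: a b c" line.
zone_field() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1:[[:space:]]*//p"
}

# diff_sets LABEL "WANTED" "ALLOWED_EXTRA" "ACTUAL": report missing and unexpected items.
diff_sets() {
    local item
    for item in $2; do
        case " $4 " in *" $item "*) ;; *) echo "missing $1 $item" ;; esac
    done
    for item in $4; do
        case " $2 $3 " in *" $item "*) ;; *) echo "unexpected $1 $item" ;; esac
    done
    return 0
}

# audit_zone TEXT: one finding per line; no output means the zone matches.
audit_zone() {
    diff_sets service "$EXPECTED_SERVICES" "$DEFAULT_SERVICES" "$(zone_field services "$1")"
    diff_sets port "$EXPECTED_PORTS" "" "$(zone_field ports "$1")"
}

# On the server itself: audit_zone "$(firewall-cmd --list-all)"
audit_zone "$SAMPLE_LIST_ALL"
```

An "unexpected" line means something is open that this page never asked for, which is as worth investigating as a missing rule.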
4.04 Don’t Install ISPConfig Bastille Firewall
Note: Since you are using firewalld as your server’s firewall, answer n (No) when the ISPConfig installation asks Configure Firewall Server (y,n) [y]:
If you answer y, the ISPConfig installation will install and enable the Bastille firewall. Running two firewalls at the same time will cause problems.