CyberPanel has CSF installed by default, but it was removed after an update because of an incompatibility issue with Django. I decided to configure UFW instead until the issue was fixed. CyberPanel has patched the issue, and CSF is back in the latest version.
TL;DR
apt install ufw
ufw default deny incoming
ufw default allow outgoing
ufw limit ssh comment "Allow SSHd and rate limit SSHd login attempts"
ufw allow 21,25,53,80,110/tcp comment "Incoming TCP ports needed for CyberPanel"
ufw allow 143,443,465,587/tcp comment "Incoming TCP ports needed for CyberPanel"
ufw allow 993,995/tcp comment "Incoming TCP ports needed for CyberPanel"
ufw allow 40110:40210/tcp comment "Incoming FTP pasv range needed for CyberPanel"
ufw allow 53,443/udp comment "Incoming UDP ports needed for CyberPanel"
ufw show added
ufw enable
ufw status verbose
These are the steps to harden the server with UFW:
- Install UFW in case it is not installed already
apt install ufw
- Configure UFW
ufw default deny incoming
ufw default allow outgoing
ufw limit ssh comment "Allow SSHd and rate limit SSHd login attempts"
ufw allow 21,25,53,80,110/tcp comment "Incoming TCP ports needed for CyberPanel"
ufw allow 143,443,465,587/tcp comment "Incoming TCP ports needed for CyberPanel"
ufw allow 993,995/tcp comment "Incoming TCP ports needed for CyberPanel"
ufw allow 40110:40210/tcp comment "Incoming FTP pasv range needed for CyberPanel"
ufw allow 53,443/udp comment "Incoming UDP ports needed for CyberPanel"
- Review the rules
ufw show added
- Enable UFW if rules are correct
ufw enable
- Check the status
ufw status verbose
This should cover the ports CyberPanel needs to work properly.
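The "Review the rules" step matters most for SSH: with `default deny incoming`, enabling UFW while sshd listens on a port that no rule covers cuts off remote access. The script below is an added example, not part of the original post. It checks rule text in the command form used on this page against the ports found in sshd configuration text. The function names and the sample rule text are constructed for illustration, and the sample assumes `ufw show added` lists the `ssh` rule as `22/tcp`.

```shell
#!/bin/sh
# Added example: pre-enable review of UFW rules (not from the original post).

# Constructed sample: this page's rules in "ufw <action> <ports>/<proto>" form.
# Assumption: the service name "ssh" is shown resolved to 22/tcp.
SAMPLE_RULES='ufw limit 22/tcp
ufw allow 21,25,53,80,110/tcp
ufw allow 143,443,465,587/tcp
ufw allow 993,995/tcp
ufw allow 40110:40210/tcp
ufw allow 53,443/udp'

# port_covered PORT PROTO   (rule text on stdin)
# Exit 0 if an allow/limit rule covers PORT/PROTO, 1 otherwise.
# Handles comma lists and a:b ranges; a rule without /proto matches any proto.
# Service names and from/to rules are not resolved and count as "not covered".
port_covered() {
    awk -v port="$1" -v proto="$2" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
            n = split($3, spec, "/")
            if (n == 2 && spec[2] != proto) next
            m = split(spec[1], items, ",")
            for (i = 1; i <= m; i++) {
                k = split(items[i], r, ":")
                lo = r[1] + 0
                hi = (k == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# sshd_ports: print Port values from sshd config text on stdin; 22 if none set.
# Commented-out lines such as "#Port 22" are ignored.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; seen = 1 }
         END { if (!seen) print 22 }'
}

# uncovered_ssh_ports RULES SSHD_CONFIG_TEXT
# Print every sshd port that no rule covers; empty output means safe to enable.
uncovered_ssh_ports() {
    printf '%s\n' "$2" | sshd_ports | while read -r p; do
        printf '%s\n' "$1" | port_covered "$p" tcp || echo "$p"
    done
}
```

On a live server, run as root, `uncovered_ssh_ports "$(ufw show added)" "$(sshd -T)"` should print nothing before `ufw enable` is run.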