This short guide shows you how to configure Cpanel firewalld on CentOS 7. A default installation of Cpanel Server should configure the firewall for you automatically: on CentOS 6 it configures iptables, and on CentOS 7 it configures firewalld.

But this is not always the case. If you installed Cpanel while the firewalld service was not running and started firewalld later, the rules for Cpanel won't be present. In this case, you have to invoke the Cpanel scripts manually to configure the firewall.

Configure Cpanel Firewalld on CentOS 7

There are two ways to achieve this. One is to use the script that automatically configures firewalld by adding a service profile for cpanel. The alternative is to define the cpanel firewalld service yourself and load it into firewalld.

Configure Cpanel firewalld using a script.

This is the easy method: you just need to run a single command, wrapped in a save and restore of the existing iptables rules.

# iptables-save > /etc/sysconfig/iptables.sav
# /usr/local/cpanel/scripts/configure_firewall_for_cpanel
# iptables-restore < /etc/sysconfig/iptables.sav

Saving the rules before running the script and restoring them afterwards should take care of any iptables rules already in existence. Note that you can't run a different firewall service such as csf alongside firewalld; it will mask firewalld.

After the script is executed, confirm the new firewall rules:

# firewall-cmd --list-all
 target: default
 icmp-block-inversion: no
 interfaces: 
 sources: 
 services: dhcpv6-client ssh cpanel
 masquerade: no
 icmp-blocks: 
 rich rules: 

You can see that the cpanel service is listed. The script created a service definition for it at /etc/firewalld/services/cpanel.xml.

Configure Cpanel firewalld manually.

For manual configuration, create /etc/firewalld/services/cpanel.xml with this content:

# cat /etc/firewalld/services/cpanel.xml 
<?xml version="1.0" encoding="utf-8"?>
<service>
  <description>This option allows you to access cPanel &amp; WHM's standard services.</description>
  <port protocol="tcp" port="21"/>
  <port protocol="tcp" port="22"/>
  <port protocol="tcp" port="25"/>
  <port protocol="tcp" port="26"/>
  <port protocol="tcp" port="53"/>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="110"/>
  <port protocol="tcp" port="143"/>
  <port protocol="tcp" port="443"/>
  <port protocol="tcp" port="465"/>
  <port protocol="tcp" port="579"/>
  <port protocol="tcp" port="587"/>
  <port protocol="tcp" port="993"/>
  <port protocol="tcp" port="995"/>
  <port protocol="tcp" port="2077"/>
  <port protocol="tcp" port="2078"/>
  <port protocol="tcp" port="2079"/>
  <port protocol="tcp" port="2080"/>
  <port protocol="tcp" port="2082"/>
  <port protocol="tcp" port="2083"/>
  <port protocol="tcp" port="2086"/>
  <port protocol="tcp" port="2087"/>
  <port protocol="tcp" port="2095"/>
  <port protocol="tcp" port="2096"/>
  <port protocol="tcp" port="3306"/>
  <port protocol="tcp" port="8080"/>
  <port protocol="tcp" port="49152-65534"/>
  <port protocol="udp" port="53"/>
</service>

Then add the service to firewalld:

# firewall-cmd --add-service=cpanel --permanent
# firewall-cmd --reload

You can now test to confirm that you can indeed access the ports defined.
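
The service file above opens a long list of ports, so it is worth checking which of them actually have a listener reachable from outside. The following is an added example, not part of the original guide or of cPanel's scripts: the function names are hypothetical, it assumes the attribute order used in the file above and the column layout of `ss -tln`, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: least-privilege check of a firewalld service file.

# Print "proto port" for each <port/> element (attribute order as in the file above).
service_ports() {
  sed -n 's/.*<port protocol="\([a-z]*\)" port="\([0-9-]*\)".*/\1 \2/p' "$1"
}

# Read `ss -tln` output on stdin; print ports with a non-loopback TCP listener.
# A loopback-only listener is unreachable from outside, so it does not count.
listening_tcp() {
  awk '$1 == "LISTEN" && $4 !~ /^(127\.|\[::1\]|::1:)/ {
         n = split($4, a, ":"); print a[n] }' | sort -un
}

# Print TCP ports/ranges in service file $1 that no listener in file $2 uses.
# A range counts as used when at least one listener falls inside it.
unused_tcp_ports() {
  service_ports "$1" | awk -v lf="$2" '
    BEGIN { while ((getline p < lf) > 0) listen[p + 0] = 1 }
    $1 == "tcp" {
      n = split($2, r, "-"); lo = r[1] + 0; hi = (n == 2 ? r[2] + 0 : lo)
      used = 0
      for (p in listen) if (p + 0 >= lo && p + 0 <= hi) used = 1
      if (!used) print $2
    }'
}

# Constructed sample data so the example runs offline.
demo() (
  dir=$(mktemp -d)
  cat > "$dir/cpanel.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <port protocol="tcp" port="22"/>
  <port protocol="tcp" port="443"/>
  <port protocol="tcp" port="3306"/>
  <port protocol="tcp" port="49152-65534"/>
  <port protocol="udp" port="53"/>
</service>
EOF
  listening_tcp > "$dir/listen.txt" <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:443           [::]:*
LISTEN 0      50     127.0.0.1:3306     0.0.0.0:*
EOF
  unused_tcp_ports "$dir/cpanel.xml" "$dir/listen.txt"
  rm -rf "$dir"
)
```

On a live server, pipe `ss -tln` into `listening_tcp`, save the result to a file, and pass that file together with /etc/firewalld/services/cpanel.xml to `unused_tcp_ports`. Treat the output as candidates to review rather than ports to delete blindly: the passive FTP range, for example, only has a listener while a transfer is in progress.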


Thanks for reading our guide on how to configure Cpanel firewalld on CentOS 7. There is no single defined way to configure a firewall for Cpanel: you can use ufw, CSF or vanilla iptables commands, whichever works for you. The aim is to secure the server, so how you do it is not a matter of concern.
