How to allow all outgoing ports in CSF

Once on the same server running cPanel, CSF (Config Server Firewall) and LFD (Login Failure Daemon) I wanted to run the Speedtest CLI, but it did not start because it could not connect to the servers, I opened the CSF settings through the WHM panel (at the very bottom menu “ConfigServer Security & Firewall” – “Firewall Configuration”), where he discovered that only a few outgoing ports were open:

TCP_OUT=20,21,22,25,37,43,53,80,110,113,443,587,873,993,995,2086,2087,2089,2703
UDP_OUT=20,21,53,113,123,873,6277

Incoming ports I highly recommend tearing off only those that are necessary, but outgoing ports are necessary for connections that the server itself installs, so you can open them all. To open all outgoing ports, I specified their entire range for TCP_OUT and UDP_OUT:

TCP_OUT=1:65535
UDP_OUT=1:65535

If IPv6 is used, then we also specify for TCP6_OUT and UDP6_OUT:

TCP6_OUT=1:65535
UDP6_OUT=1:65535

See also my articles:
Installing and Configuring Config Server Firewall (CSF) in Ubuntu
How to configure IPTables

Leave a comment

Leave a Reply