Hello! Im running Virtualmin at Centos 7.
Installation now works quite perfect, but I would like to make some improvements of the firewall configuration to improve security. My philosofy is that all ports that does not have to be open should be closed.
I can see from Virtualmin default configuration that TCP 1025-65535 is left open. I dont understand the reason for that, but I would like to ask the question “can I close it” before I do it.
Normally a Linux should work as a “statefull Instpection firewall” so it will keep track of and open for all return-traffic. Then it should be no problem to take away the rule that open for TCP 1025-65535. If on the other hand the firewall for some reason should be configured as a “static firewall” closing TCP 1025-65530 i guess closing these ports might lead to “a closed firewall” in such a way that I will have to reinstall the server. (Or at least some problems.)
I guess that the firewall configuration done by Virtualmin still maintain the “statefull inspection firewall prinsiple” so it is safe to take away the rule that open for TCP 1025-65535 ?
I looked around in the file system and found out that it is firewald that do the job. I also made a listing of firewalls rules: iptables -L this shows this line:
ACCEPT all – anywhere anywhere ctstate RELATED,ESTABLISHED
This should indicate that there should be no problem to take away the TCP 1025-65535 rule, I guess.
Also some linkes for later reference:
I used the Virtualmin default configuration tool and closed all portst exept for TCP 80, TCP 443 and TCP 10000-10100. Seems to be working OK.
I dont understand why the default configuration of the firewall open a range of 100 ports. Shouldnt only TCP 10000 be OK for loging and management of Virtualmin?
Now I dont like to “just try” because if Im locked out of Virtualmin I will have no other way in, and I will have to reinstall all the server and all the domains.