What ports can be closed for security?


Please tell me, I closed the following ports through the firewall: 21,22,3306

I think it is possible to close port 53, for example? Other ports?

You can close all you dont need, so if you need port 53 which is bind/dns, then you can close it aswell. Same for ftp, intercae port and so on.

I wouldn’t close an ssh port unless you have an alternative access to console. I would change the ssh port instead.

As for the ports, make a list of the services that you need and then kill what you don’t need.

In order for the panel to work you only need the hestia port…

@UNSET If you are concerned about security, the basic rule is: close all ports and open only those your services need. In case of mail server, you basically need ssh port (usually 22), 80 (webmail plain), 443 (webmail tls), 25 (smtp plain), 465 (smtp tls), 993 (imap tls), hestia control panel. Plus some monitoring and backup if you have. Plus other services. Port 53 can be closed, if your server is not DNS server. Ftp is pretty unsecure, recommand not use it at all.

Thank you so much for your time! :slight_smile:

You can consider open port 22 only for know ips for example at home…

Move the ssh port to 22448

Security by obscurity isnt a good idea, moving a port doesnt make it more secure - it just takes you out from some port scanners and bots. Switch over to ssh keys, disable passwords and even limit it to source ips would be the way to go :slight_smile:.

1 Like

Of course. I agree 100% with you on that. I was not saying to allow root login with pass 1234 on port 22448