CWP access - CSF iptable tcp ports 2030,2031,2082,2083,2086,2087,2095,2096

Which INPUT/OUTPUT which TCP ports are needed to be externally open for CWP to be accessible/working?

Chain INPUT (policy DROP) TCP NEW
ACCEPT 2031 (https access to CWP)

That leaves tcp ports 2030 (http access to CWP),2082,2083,2086,2087,2095,2096 listening externally. Is that exposure really necessary or can the list be further curtailed/mitigated?

+++

Chain OUTPUT (policy DROP) TCP NEW
ACCEPT 80 443

Is there any need for tcp ports 2030,2031,2082,2083,2086,2087,2095,2096 to initiate a NEW connection or can those ports not be removed?

Hi!
same here …
I've got the following in my /etc/csf/csf.conf

Code: [Select]

# Allow incoming TCP ports
TCP_IN = "25,53,80,443,2031,2082,2083,2086,2087,2095,2096"

# Allow outgoing TCP ports
TCP_OUT = "25,53,80,113,443,587,2031,2082,2083,2086,2087,2095,2096"

So what do the ports: 2082,2083,2086,2087,2095,2096
actually do?
Wikipedia tells me cPanel, but I dont use cPanel!
Does CWP(pro) use these ports in any way?
Can we remove/block them withour any trouble?

@n8v8r
I've removed 2030, because 2031 is more secure.
Here is a list of all the well-known ports »
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
2082,2083,2086,2087,2095,2096 are used for cPanel