Closing port 80 for red

NethServer Version: 7.2 RC1
Module: httpd

Good Morning everyone :slight_smile:
I am just trying to figure out if it is possible to close port 80 from the red zone and only have port 443 open. Or do I need port 80 open for something I don't know?

Good morning!

I think it is not a good idea to close port 80 from WAN.
If you want to prevent brute-force attacks from WAN, install F2B by @stephdl. It is very efficient!

Thanks for responding. I have installed F2B, but why do you think it is not a good idea? I only need 443 for ActiveSync etc.

It is possible that you need port 80 for other apps and forget that you closed it. Or not. :slight_smile:
Edit: I think the updates use port 80.

Well, I see that it is closed by looking at services :wink:

Hmm, I don't think that incoming connections use port 80 for updates.

Anyway, you can close it and see what happens. :wink:

IMO if you don’t use any service requiring that port (like some 3rd-party web-server apps) there shouldn’t be any problem with closing it for incoming connections.

@GG_jr is right about port 80 being used for updates (yum). So it must be kept open for outgoing connections (for external repos).

As port 80 is coupled with port 443 for the httpd network service, you may create a new firewall service object for port 80 and use it when creating the new firewall rule (e.g. drop - red to any - http80service).

3 Likes
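
To confirm the effect of such a drop rule, run a check from a machine on the red (WAN) side. The following is an added example, not part of the original thread: it distinguishes a dropped port (no reply, reported as `filtered`) from a rejected one (reset, reported as `closed`). The expected states in `EXPECTED` and the host given on the command line are assumptions.

```python
import socket
import sys

# Assumption: the drop rule silently discards packets to port 80 from red,
# while httpd keeps answering on port 443.
EXPECTED = {80: "filtered", 443: "open"}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' (RST) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # The host answered with a reset: nothing listening, or a reject rule.
        return "closed"
    except OSError:
        # Timeout or unreachable: consistent with a firewall drop rule.
        return "filtered"


def audit(host, expected=EXPECTED, timeout=3.0):
    """Return (port, expected_state, observed_state) for every mismatch."""
    findings = []
    for port, want in sorted(expected.items()):
        got = probe(host, port, timeout)
        if got != want:
            findings.append((port, want, got))
    return findings


if __name__ == "__main__":
    # Usage: python3 check_red.py <public-hostname-or-ip>  (run from outside the LAN)
    if len(sys.argv) != 2:
        sys.exit("usage: check_red.py <host>")
    problems = audit(sys.argv[1])
    for port, want, got in problems:
        print(f"port {port}: expected {want}, observed {got}")
    sys.exit(1 if problems else 0)
```
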

That was exactly what I wanted to know, thanks a lot. I have done it that way and now only port 433 is reachable from the red side :slight_smile:

1 Like

Hi @hucky,

At least one reason to have port 80 open from outside (WAN):
http://docs.nethserver.org/en/v7rc/base_system.html#server-certificate

1 Like

Good catch! :thumbsup:

1 Like