Enabling outgoing traceroutes in ConfigServer Firewall

If you operate a dedicated server with cPanel/WHM and ConfigServer Firewall loaded, initially you will be unable to perform outgoing traceroutes. This is because certain outgoing port ranges are, by default, blocked for security.

To enable outgoing traceroutes, navigate to “ConfigServer Security and Firewall” in the lefthand WHM navigation bar. Then click on “Firewall Configuration” in the “csf – ConfigServer Firewall” portion of the screen.

This opens the configuration settings for the firewall. Navigate to the portion of the page with the “UDP_OUT” settings. Because of the hundreds of settings and size of the page, it may be faster for you to just search on the page for the term “UDP_OUT” to locate those settings.

The UDP_OUT settings show which port ranges are permitted for outgoing UDP connections. As indicated by the instructions immediately above the list, “To allow outgoing traceroute add 33434:33523 to this list”. This means to literally add “,33434:33523” to the end of the list of ranges.

Then scroll to the bottom of the screen and press “Change”. This will save the configuration settings. The next screen will prompt you to press the button “Restart csf+lfd”. do this to confirm all the changes and restart the firewall.

You should now be able to perform outgoing traceroutes from your server.