The default ports allowed by CSF are:
20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:35000
Just curious, what other ports (if any) do you think are important to lock down and why?
The Ports you have to allow and block depends on the kind of Webhosting/ Applications you are running on your web server.
Here's an example of the list of ports i would normally allow :
1) The SSH Port - Default is 22, but if you've changed it to something else in sshd config, you should allow that so that you can connect to your SSH.
2) Domain, FTP and DNS and HTTPS ports : 80, 21, 53, 443 - These in order. These are to be allowed as a must unless you're not using any of the following ports.
3) Mails - POP3, IMAP4, SMTP : 110, 143, 25 (POP 3 with SSL uses ports 993/995) - These in order. If you're using them make sure to allow them open or else you wouldn't require them.
4) Gaming Ports and VOIP apps or Other application's ports : Usually Gaming Ports vary and they have their own defaults, same for VOIP messenger servers like Mumble's server -Murmur has a default port of -64738 and varies per application.
5) Control Panels - For CPanel and WHM ( Assuming that you manage the VPS and have WHM running) - Ports are 2082, 2083,2086,2087 ( SSL ports - 2083 and 2087) .
- For Kloxo Panel it is 7777 and 7778 (SSL -7777) : Ports on Kloxo are configurable and changable.
6) If you want to allow any specific Port ranges you can use - Portnumber1
ortnumber100 (Like you have in your list 30000:35000). It is best to not allow such a huge port range open.
So if you're not using any particular application, you can have those port numbers removed from CSF's allow Default ports list.