If you install a firewall in Cpanel, it is recommended on opening the following default ports:

TCP (inbound): 53, 80, 110, 143, 443, 465, 993, 995, 2078, 2083, 2087, 2089, 2096, 3306, 6666
UDP (inbound): 53, 465, 2078
TCP (outbound): 37, 43, 53, 80, 113, 465, 873, 2078
UDP (outbound): 53, 465, 873, 2078

Here's an explenation of what each port is for:

20, 21: sFTP, FTP

Sftp over SSH (port 20) is more secure than FTP (port 21):

22: ssh access

25, 26: smtp for exim to recieve email

Port 26 is only used if designated in Service Manager in WHM

37: rdate service

43: whois service

53: dns (named), so your sites resolve

80, 443: apache traffic; http and https

110, 995: client pop email access

113: ident service

143, 993: clients imap email access

465: SMTP TLS/SSL service

873: rsync service

2078: Used for Web Disks - WebDAV

2083: Cpanel port for client access via https

2087: Cpanel port for WHM access via https

2089: Must be open to contact Cpanel license server

2096: Must be open to contact Cpanel webmail via https

6666: Melange Chat Services

Optional:

3306: mysql access. You don't need to open this port if you don't want to allow remote mysql access, as most mysql scripts are all accessed locally.

2082: Cpanel user access. You don't need to open this port if you access Cpanel via the https port 2083.

2086: Cpanel WHM access. You don't need to open this port if you access the WHM via the https port 2087.

2095: Cpanel webmail access. You don't need to open this port if you access the webmail via the https port 2096.