After doing some searching I figured out the firewall wasn't installed by default and I just want someone to check that I installed it alright.
I read in the comments section of the debian lenny guide to use
Code:
# apt-get install bastille -y
To install the firewall. I kept the already installed script from ispconfig. I got a weird error from psad
Code:
ERR: Syslog has not been configured to send messages to /var/lib/psad/psadfifo. Please configure it as described in psad(8).
So I googled it and found
basic lowdown and the
way to debug psad.
I used
Code:
# echo -e ’kern.info\t|/var/lib/psad/psadfifo’ >> /etc/syslog.conf
To fix the original error and I edited the /etc/psad/psad.conf
Code:
EMAIL_ADDRESSES <myemailaddress>;
HOSTNAME <myhostname>;
SYSLOG_DAEMON rsyslogd;
### Only send email alert if danger level >= to this value.
EMAIL_ALERT_DANGER_LEVEL 3;
I went back into my ispconfig 3 webface and deleted the rule and remade.
Open TCP ports: 20,21,22,25,53,80,110,143,443,3306,8080,10000
Open UDP ports: 53,3306
and now my 'iptables -L'
Code:
administrator@web1:~$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere loopback/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere
Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain PAROLE (12 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain PUB_IN (4 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp-data
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:www
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
PAROLE tcp -- anywhere anywhere tcp dpt:imap2
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:mysql
PAROLE tcp -- anywhere anywhere tcp dpt:http-alt
PAROLE tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:mysql
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere
Chain PUB_OUT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain fail2ban-ssh (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Do the iptables look alright? I'm not very experienced in the lingo, yet.