Originally Posted by till
No, don't add Bastille in the runlevels, it is controlled and started by the ISPConfig start script.
Just enable the Firewall under management > server > services.
Yeah, I noticed that the iptables --list did show the rules set up correctly, so it obviously must start in the middle of the ISPConfig scripts.
I added some more ports to make a backup sshd service with a different sshd config file.
So the issue is this one:
If the ISPConfig scripts start the firewall then I think we have a problem.
In the startup order ISPConfig is the last to start.
And, for example, the NTP service takes a long time to connect to ntp servers and start, and this happens before we have the ISPConfig => Firewall activated.
All other services are up ...
That is why I wonder if it is not better to start the iptables before ISPConfig and disable the firewall in ISPConfig.
It will be there on the runlevel we wish, in the order we determine and is best suited.
In case of need we can use ISPConfig interface to change the firewall rules only (they do not change that often anyway ... ).
In a datacenter environment a long start without firewall can be complicated ...
What is your opinion?