#1  vaio1 (Senior Member), 22nd January 2010, 13:50
ISPConfig and IPTABLES - Trash Automatic Setting??

Hi guys,

I have seen for the first time today the rules generated by the ISPConfig application. Many users in various IRC chats told me that they are only trash! Is it possible?

These are the IpTables generated by ISPConfig:

Code:
# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       tcp  --  anywhere             127.0.0.0/8         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere            
PUB_IN     all  --  anywhere             anywhere            
PUB_IN     all  --  anywhere             anywhere            
PUB_IN     all  --  anywhere             anywhere            
PUB_IN     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
PUB_OUT    all  --  anywhere             anywhere            
PUB_OUT    all  --  anywhere             anywhere            
PUB_OUT    all  --  anywhere             anywhere            
PUB_OUT    all  --  anywhere             anywhere            

Chain INT_IN (0 references)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain INT_OUT (0 references)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain PAROLE (11 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain PUB_IN (4 references)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply 
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ndmp 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:mysql 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
DROP       icmp --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain PUB_OUT (4 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere

How can I rewrite them or improve them?
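An added example, not part of the original thread and not ISPConfig or Bastille code: this Python sketch reads an `iptables -L` listing like the one posted above, follows jumps into user chains to list the destination ports that end in ACCEPT, and flags ACCEPT rules in built-in chains that show no match at all, because plain `-L` omits the interface columns that `-L -v` prints. The function names are hypothetical and the embedded listing is trimmed from the post.

```python
import re
# Trimmed copy of the listing posted above (most ports and chains omitted).
LISTING = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
Chain PAROLE (11 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
Chain PUB_IN (4 references)
target     prot opt source               destination
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:mysql
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
"""
def parse(listing):
    """Map chain name -> list of (target, prot, src, dst, match) rules."""
    chains, rules = {}, None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            rules = chains.setdefault(line.split()[1], [])
        elif line.strip() and not line.startswith("target"):
            target, prot, _opt, src, dst, *match = line.split()
            rules.append((target, prot, src, dst, " ".join(match)))
    return chains

def bare(rule):
    """True if -L shows no match at all; the rule may still test -i/-o."""
    return rule[1:] == ("all", "anywhere", "anywhere", "")

def exposed(chains, chain="INPUT"):
    """Ports accepted from `chain`, following jumps (shadowing not modelled)."""
    found = []
    for rule in chains[chain]:
        target, prot, _src, _dst, match = rule
        port = re.search(r"dpt:(\S+)", match)
        sub = chains.get(target, [])
        accepts = target == "ACCEPT" or (sub and sub[0][0] == "ACCEPT" and bare(sub[0]))
        if port and accepts:
            found.append(f"{prot}/{port.group(1)}")
        elif bare(rule) and sub:
            found += exposed(chains, target)
    return found

def needs_verbose(chains, builtin=("INPUT", "FORWARD", "OUTPUT")):
    """Built-in-chain ACCEPT rules whose real match is hidden without -v."""
    return [(c, i) for c in builtin for i, r in enumerate(chains.get(c, []), 1)
            if r[0] == "ACCEPT" and bare(r)]
```

For each rule that `needs_verbose` reports, `iptables -L -v -n` or `iptables -S` shows whether it is restricted to an interface such as `lo` or really accepts all traffic.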
#2  till (Super Moderator), 22nd January 2010, 17:23

They are not generated by ISPConfig, they are generated by the Bastille firewall. Bastille firewall is a well-known firewall script that is used to enhance Linux security and has been around for > 10 years. It's a very stable and well-known software....

http://www.linux.com/archive/feature/118353

Some other rules might be from fail2ban. If you use fail2ban on the same system, you should configure it to use the route command instead of iptables. See the ISPConfig FAQ for details.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
#3  vaio1 (Senior Member), 22nd January 2010, 18:53

So why was I told in the CentOS IRC chat that it is only trash?
#4  till (Super Moderator), 22nd January 2010, 19:07

I guess you find many funny people in IRC. Or do you think that linux.com and many other well-known Linux sites and newspapers write articles about trash?
#5  vaio1 (Senior Member), 22nd January 2010, 19:30

Strange situation! ahahha
Anyway, thanks