#1
3rd November 2011, 23:23
The Other Air Force
Junior Member
Firewall not updating

After upgrading to ISPConfig 3.0.4, my firewall rules are no longer being processed. It appears my iptables have gone back to Ubuntu defaults (10.04) and any changes I make in ISPConfig are not being applied.

iptables -L lists the following:

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh
fail2ban-courierauth  tcp  --  anywhere             anywhere            multiport dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-courierauth (1 references)
target     prot opt source               destination

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

I have the following ports defined in ISP Config:
20,21,22,25,26,53,80,110,143,443,465,585,587,993,995,8080,10000,40110:40210

I am not even sure where to start troubleshooting.

Thanks

#2
4th November 2011, 01:36
The Other Air Force
Junior Member

Actually, I am getting this error:

/sbin/bastille-ipchains: line 604: /sbin/ipchains: No such file or directory

Shouldn't this be iptables?

#3
4th November 2011, 10:51
falko
Super Moderator

I've just found the problem and fixed it in SVN. The problem is that the Bastille firewall init script doesn't detect kernel 3 and therefore thinks a kernel < 2.3 is being used.

Please open /etc/init.d/bastille-firewall and replace line 61
Code:
REALSCRIPT=/sbin/bastille-ipchains
with
Code:
REALSCRIPT=/sbin/bastille-netfilter
and remove this section:
Code:
if [ -n "$(uname -r | awk -F. ' $1 == 2 && $2 > 2 {print}')" ]; then
	# We are using Linux 2.3 or newer; use the netfilter script if available
	if [ -x /sbin/bastille-netfilter ]; then
		REALSCRIPT=/sbin/bastille-netfilter
	fi
fi
(lines 81 - 86)

#4
6th November 2011, 00:57
The Other Air Force
Junior Member

Seems to be updating now! Thanks!

So is this a problem with Bastille or was it caused by ISPConfig and I only just noticed it?

Thanks!

#5
6th November 2011, 17:03
till
Super Moderator

That's a bug in the Bastille script, which does not recognize Linux kernels with version 3.x correctly. We will deliver a fixed Bastille script with the next ISPConfig release.
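
The kernel check described in posts #3 and #5, as an added example that is not part of the thread or of the Bastille or ISPConfig code: it runs the awk test quoted in post #3 and a corrected variant over constructed `uname -r` strings. The function names and the corrected test are assumptions.

```shell
#!/bin/sh
# Added example. Function names and sample release strings are constructed.

# The check quoted in post #3: true only when major == 2 and minor > 2.
legacy_check() {
    [ -n "$(printf '%s\n' "$1" | awk -F. ' $1 == 2 && $2 > 2 {print}')" ]
}

# Corrected check (an assumption, not the shipped fix): any major above 2
# also counts as netfilter-capable.
fixed_check() {
    [ -n "$(printf '%s\n' "$1" |
        awk -F. '($1 + 0) > 2 || (($1 + 0) == 2 && ($2 + 0) > 2) {print}')" ]
}

# pick_backend CHECK RELEASE: mirrors the init script's selection logic.
# The real script also requires /sbin/bastille-netfilter to be executable;
# that file test is left out so the example runs on any machine.
pick_backend() {
    backend=/sbin/bastille-ipchains
    if "$1" "$2"; then
        backend=/sbin/bastille-netfilter
    fi
    printf '%s\n' "$backend"
}

# misdetected RELEASE...: print releases where the legacy check falls back
# to ipchains although the corrected check selects netfilter.
misdetected() {
    for rel in "$@"; do
        if [ "$(pick_backend legacy_check "$rel")" != \
             "$(pick_backend fixed_check "$rel")" ]; then
            printf '%s\n' "$rel"
        fi
    done
}

# Constructed sample values in the format printed by `uname -r`.
for rel in 2.2.26 2.6.32-34-generic 3.0.0-12-server 3.2.0-23-generic; do
    printf '%-20s legacy=%s fixed=%s\n' "$rel" \
        "$(pick_backend legacy_check "$rel")" \
        "$(pick_backend fixed_check "$rel")"
done
```

On a 3.x release the legacy check selects `/sbin/bastille-ipchains`, which matches the `/sbin/ipchains: No such file or directory` error in post #2 and leaves the chains at policy ACCEPT.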

#6
1st November 2012, 04:17
hendiananta
Junior Member
My firewall of ispconfig 3 is not working too

Hello, the firewall of my ISPConfig 3 does not work either, perhaps because the iptables script was accidentally deleted at some point. Here is the output of iptables -L:

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24     state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

I have followed this instruction:
Quote:
Originally Posted by falko View Post
I've just found the problem and fixed it in SVN. The problem is that the Bastille firewall init script doesn't detect kernel 3 and therefore thinks a kernel < 2.3 is being used.

Please open /etc/init.d/bastille-firewall and replace line 61
Code:
REALSCRIPT=/sbin/bastille-ipchains
with
Code:
REALSCRIPT=/sbin/bastille-netfilter
and remove this section:
Code:
if [ -n "$(uname -r | awk -F. ' $1 == 2 && $2 > 2 {print}')" ]; then
	# We are using Linux 2.3 or newer; use the netfilter script if available
	if [ -x /sbin/bastille-netfilter ]; then
		REALSCRIPT=/sbin/bastille-netfilter
	fi
fi
(lines 81 - 86)

and I have this message:
Code:
ERROR: "/sbin/bastille-netfilter" not available!
Please help me.

Last edited by hendiananta; 1st November 2012 at 04:20.