Cant start firewall

Discussion in 'Installation/Configuration' started by zogthegreat, May 20, 2010.

  1. zogthegreat

    zogthegreat New Member

    Hi everyone,

    I just realized that my firewall is not running on ISPConfig 3. When I go into the control panel, I click on "System", and the I choose "Firewall", the only option I have aviable is "Add Firewall record". when I connect via a shell, and type "iptalbes -L -n, I get the following output:

    [email protected] ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    [[email protected] ~]# iptables -L -n
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Running /etc/init.d/iptables start does not work. Am I supposed to create my firewall rules myself, and if so, what ports should be open?

    Thanks

    zog

    btw: My host system is CentOS 5.4
     
  2. Do you have bastille firewall installed, this is what ISPConfig 3 uses. (Someone correct me if i'm wrong please.)

    EDIT
    Also have you actually proceeded to 'add a new record' as you will get a list of default ports to add.
     
  3. I actually installed the firewall on my 2 servers today and it seems to be working fine.

    After searching around, the procedure I followed was:

    Code:
    apt-get install psad -y
    echo -e 'kern.info\t|/var/lib/psad/psadfifo' | sudo tee -a /etc/syslog.conf $ sudo
    /etc/init.d/sysklogd restart
    apt-get install bastille -y
    /etc/init.d/bastille-firewall start
    Add Firewall Record in ISPC3, then:

    Code:
    iptables -L
    Note, it worked for me, but I'm no expert!
     
  4. zogthegreat

    zogthegreat New Member

    Hi mhpcomputerservices,

    Turns out I do have Bastille installed, seems I need to do a little more rtmf.

    Do you know of any good links for managing Bastille?

    I am going to read up on psad, then install as you suggested, however, doesn't fail2ban perform the same function?

    Thanks

    zog
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    To start the firewall, add a firewall record in ispconfig for the server that shall be protected by the firewall. There is no additiona configuration needed except of adding this firewall record in ispconfig.

    If you use fail2ban on the same server, you should reconfigure it as described here so it does not collide with the bastille firewall.

    http://www.faqforge.com/linux/contr...ute-instead-of-iptables-to-block-connections/
     
  6. zogthegreat

    zogthegreat New Member

    Hi till,

    Thanks for the tip on fail2ban.

    zog
     

Share This Page