After doing some searching I figured out the firewall wasn't installed by default and I just want someone to check that I installed it alright. I read in the comments section of the debian lenny guide to use Code: # apt-get install bastille -y To install the firewall. I kept the already installed script from ispconfig. I got a weird error from psad Code: ERR: Syslog has not been configured to send messages to /var/lib/psad/psadfifo. Please configure it as described in psad(8). So I googled it and found basic lowdown and the way to debug psad. I used Code: # echo -e ’kern.info\t|/var/lib/psad/psadfifo’ >> /etc/syslog.conf To fix the original error and I edited the /etc/psad/psad.conf Code: EMAIL_ADDRESSES <myemailaddress>; HOSTNAME <myhostname>; SYSLOG_DAEMON rsyslogd; ### Only send email alert if danger level >= to this value. EMAIL_ALERT_DANGER_LEVEL 3; I went back into my ispconfig 3 webface and deleted the rule and remade. Open TCP ports: 20,21,22,25,53,80,110,143,443,3306,8080,10000 Open UDP ports: 53,3306 and now my 'iptables -L' Code: [email protected]:~$ sudo iptables -L Chain INPUT (policy DROP) target prot opt source destination DROP tcp -- anywhere loopback/8 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere PUB_IN all -- anywhere anywhere PUB_IN all -- anywhere anywhere PUB_IN all -- anywhere anywhere PUB_IN all -- anywhere anywhere DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED DROP all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination PUB_OUT all -- anywhere anywhere PUB_OUT all -- anywhere anywhere PUB_OUT all -- anywhere anywhere PUB_OUT all -- anywhere anywhere Chain INT_IN (0 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere DROP all -- anywhere anywhere Chain INT_OUT (0 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain PAROLE (12 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain PUB_IN (4 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere icmp destination-unreachable ACCEPT icmp -- anywhere anywhere icmp echo-reply ACCEPT icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp echo-request PAROLE tcp -- anywhere anywhere tcp dpt:ftp-data PAROLE tcp -- anywhere anywhere tcp dpt:ftp PAROLE tcp -- anywhere anywhere tcp dpt:ssh PAROLE tcp -- anywhere anywhere tcp dpt:smtp PAROLE tcp -- anywhere anywhere tcp dpt:domain PAROLE tcp -- anywhere anywhere tcp dpt:www PAROLE tcp -- anywhere anywhere tcp dpt:pop3 PAROLE tcp -- anywhere anywhere tcp dpt:imap2 PAROLE tcp -- anywhere anywhere tcp dpt:https PAROLE tcp -- anywhere anywhere tcp dpt:mysql PAROLE tcp -- anywhere anywhere tcp dpt:http-alt PAROLE tcp -- anywhere anywhere tcp dpt:webmin ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:mysql DROP icmp -- anywhere anywhere DROP all -- anywhere anywhere Chain PUB_OUT (4 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain fail2ban-ssh (0 references) target prot opt source destination RETURN all -- anywhere anywhere Do the iptables look alright? I'm not very experienced in the lingo, yet.
ISPConfig comes with its own copy of bastille. Please do not install it with apt, it will corrupt the firewall setup from ISPConfig! You can enable the firewall by creating a firewall record in ispconfig under system.
