Firewall not installed by default?

Discussion in 'Installation/Configuration' started by Romoku, Jul 15, 2010.

  1. Romoku

    Romoku New Member

    After doing some searching I figured out the firewall wasn't installed by default and I just want someone to check that I installed it alright.

    I read in the comments section of the debian lenny guide to use

    Code:
    # apt-get install bastille -y
    to install the firewall. I kept the already installed script from ispconfig. I got a weird error from psad:

    Code:
    ERR: Syslog has not been configured to send messages to /var/lib/psad/psadfifo. Please configure it as described in psad(8).
    So I googled it and found basic lowdown and the way to debug psad.

    I used
    Code:
    # echo -e 'kern.info\t|/var/lib/psad/psadfifo' >> /etc/syslog.conf
    to fix the original error, and I edited /etc/psad/psad.conf:

    Code:
    EMAIL_ADDRESSES <myemailaddress>;
    
    HOSTNAME                    <myhostname>;
    
    SYSLOG_DAEMON               rsyslogd;
    
    ### Only send email alert if danger level >= to this value.
    EMAIL_ALERT_DANGER_LEVEL    3;
    
    I went back into my ispconfig 3 web interface, deleted the rule and remade it.

    Open TCP ports: 20,21,22,25,53,80,110,143,443,3306,8080,10000
    Open UDP ports: 53,3306

    and now my 'iptables -L'

    Code:
    administrator@web1:~$ sudo iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    DROP       tcp  --  anywhere             loopback/8
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere
    DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    PUB_IN     all  --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    DROP       all  --  anywhere             anywhere
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    PUB_OUT    all  --  anywhere             anywhere
    
    Chain INT_IN (0 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain INT_OUT (0 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    
    Chain PAROLE (12 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    
    Chain PUB_IN (4 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
    ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:www
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap2
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:mysql
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http-alt
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:webmin
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:mysql
    DROP       icmp --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain PUB_OUT (4 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    
    Chain fail2ban-ssh (0 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    Do the iptables look alright? I'm not very experienced in the lingo, yet.
     
  2. till

    till Super Moderator

    ISPConfig comes with its own copy of bastille. Please do not install it with apt, it will corrupt the firewall setup from ISPConfig!

    You can enable the firewall by creating a firewall record in ispconfig under system.
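
An added example, not part of the thread and not ISPConfig or Bastille code: a small Python check for a plain `iptables -L` listing like the one posted above. It flags chains with 0 references and match-everything rows that plain `-L` cannot disambiguate because it omits the interface columns; the sample listing is constructed and the finding names are made up for this example.

```python
import re
import sys
# Constructed sample, shaped like the `iptables -L` output posted above.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain PUB_IN (2 references)
target     prot opt source               destination
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain fail2ban-ssh (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy \S+|(\d+) references)")

def audit(listing):
    """Return (kind, chain, detail) findings; the kind names are made up here."""
    findings, chain, seen = [], None, set()
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain, seen = m.group(1), set()
            if m.group(2) == "0":  # user chain that nothing jumps to
                findings.append(("unreferenced", chain, "rules never evaluated"))
            continue
        row = tuple(line.split())
        if chain is None or len(row) < 5 or row[0] == "target":
            continue
        # Plain -L hides interface matches: "-i lo -j ACCEPT" prints as a bare row.
        bare = len(row) == 5 and row[1] == "all" and row[3:] == ("anywhere", "anywhere")
        if bare and row in seen:
            findings.append(("ambiguous-duplicate", chain, row[0]))
        elif bare and row[0] == "ACCEPT" and chain in ("INPUT", "FORWARD"):
            findings.append(("ambiguous-accept", chain, row[0]))
        seen.add(row)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE if sys.stdin.isatty() else sys.stdin.read()):
        print(*finding)
```

Saved under a name of your choosing (here `audit.py`), it reads a live listing with `sudo iptables -L | python3 audit.py`. The rows it reports as ambiguous are resolved by `iptables -L -v -n` or `iptables -S`, which show the interface each rule matches.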
     
