Issue with UFW and ISPConfig

Discussion in 'General' started by kbrown.it, Jun 22, 2016.

  1. CreeWarrior

    CreeWarrior Member

    I have ISPConfig 3.1 Unbuntu 16 fresh install and noticed that ufw status = inactive, tried to start and restart it comes back with the same status: inactive
    :fogot had to use
    Code:
    ufw enable
    to get it going
     
  2. scmeis1

    scmeis1 New Member

    There is something missing from all of this. UFW has an issue in VPS or openVZ. If you installed ispconfig and enable UFW it blocks all access. There is a known issue with logging and you have to disable logging to have UFW work properly. Just thought i would share that.
     
    till likes this.
  3. Jesse Norell

    Jesse Norell Well-Known Member

    Likely a case of 'your mileage may vary' - and mine apparently varies, as I'm using ufw with openvz, and logging works just fine. (To clarify, I'm using ufw inside the container, I'm actually using vzfw on the hardware node.)
     
  4. comlinks

    comlinks New Member

    Hi, I have similar problem on current stable ISPConfig (3.1.1p1, Debian Jessie).
    After firewall disable and enable (because of unchecking and checking again firewall rule in ISPC web) I'm locked out. Don't know why and by what, but somewhere during this process (I think it has happened while "Stopping the firewall" is logged) it clears generic ufw rules from basic INPUT/FORWARD/OUTPUT chains, but leaves in place other ufw-* chains - (only in IPv4 tables, IPv6 stays there). After that ufw enable doesn't make generic rules (seems like it detects ufw-* chains and decides that init has been already done) into generic chains. So all the rules are in place, but it is not linked into basic chains. When you delete all the empty unlinked ufw-* chains, ufw enable makes all the INPUT/FORWARD/OUTPUT generic rules again. For me it happened after I've moved from bastilla to ufw.

    Sorry I have no more time to debug, my workaround was to disable firewall in ISPC and call ufw allow rules from commandline. Hopefully this information would be useful for others.
     
    Last edited: Jan 24, 2017

Share This Page