Removal of Bastille Firewall from ISPConfig3

Discussion in 'Feature Requests' started by concept21, Oct 16, 2012.

  1. concept21

    concept21 Member

    Bastille Firewall is a legacy software which does not run on Ubuntu 10.04.

    Please remove it from future ISPConfig3.

    Thanks. :cool:
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Bastille Firewall runs fine on Ubuntu 10.04.
  3. concept21

    concept21 Member

    Bastille has not been updated for several years. May I suggest you to replace it with CSF?? :)
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Bastille is a iptables firewall script which does everything that we need it for, so it does not matter how often it is updated as it works fine. Beside bastille, ispconfig supports ufw as firewall since 3.0.5.
  5. tek

    tek New Member

    Firewall scripts

    I had to remove bastille also from my setup because I needed some NAT - IP masquerading setup plus a fair number of ports to be forwarded. I know there are much easier firewall scripts out there such as ufw but I am actually doing a fair amount of port forwarding and using iscsi and other bits of blackmagic and having had no choice a long time ago I had gone through the pain and suffering to get arno-iptables-firewall setup and configured.

    Kind of sucks cause I am always tempted to click on firewall from the backend and I seem to recall at one point I actually did and this broke a nice long list of things as it tried to setup both firewalls to run.

    while I do wish arno-iptables-firewall could be configured through there I accept the fact that might be asking for a bit much.

    Since you mention ufw being supported now, I am wondering if there is a way perhaps to turn off ispconfig3 from handing it at all? Im gonna hate myself if I end up with yet another way I can shoot myself in the head.
  6. concept21

    concept21 Member

    If you don't install Bastille, ISpconfig firewall option just does not have any effect on the system's firewall.

    Then, you can install your own preferred firewall software. The startup script of Bastille can be manually removed or disabled.
  7. Parsec

    Parsec New Member

    Thats what I have done. I am using a simple combination of iptables + ipset + fail2ban (with ban2sql so everything is in a mysql database)
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    You did not had to remove it as bastille supports all kind of custom rules. Search the forum for bastille custom and you will find several threads that explain this in detail.
    Last edited: Feb 12, 2013
  9. abdi

    abdi New Member

    +1 on CSF (its really a power-full firewall app)
  10. FcbInfo

    FcbInfo New Member

    Old thread but...

    This is the unique reason that i'm not using ispconfig at this time.

    CSF <- Just don't try to find something better than this. You can't!

    Can you install csf on a server with ispconfig? Yes, you can, but this is not fully integrated with the control panel like it's working on cpanel.

    CSF can do, what a hardware firewall don't do!
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Current ISPConfig versions support 2 firwalls:

    1) Bastille Firewall
    2) UFW Firewall

    If you like to see CSF firewall too, then feel free to implement it and submit a patch.
  12. FcbInfo

    FcbInfo New Member

    Thanks for the reply.

    Today, i'm gonna try. If i can I'll post a tutorial here.

    If i can use csf with ispconfig, cpanel is dead to me!
  13. galdorf

    galdorf New Member

    looks like bastille firewall is gone website, forums all gone time to switch to csf.
  14. abdi

    abdi New Member

    Amen to that ..
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    This does not matter at all as the bastille script is installed tigether with ISPConfig, so we neither need their website or forum. Bastille is just a script to generate iptable rules and as long as the Linux kernel supports iptables, there are no changes in Bastille required.

    If you dont want to use Bastille, then install UFW. UFW is supported by ISPConfig as well.
  16. concept21

    concept21 Member

    Good news. Bastille should be gone. :D

    CSF supports modsec since v6.

    # lfd: (mod_security) mod_security (id:340165) triggered by

    Bare iptables is not enough nowadays.

    See CSF in work. Bastille is not the same class. ;)

    Attached Files:

    • csf.PNG
      File size:
      26.5 KB
    Last edited: Jul 4, 2014
  17. mmmexp

    mmmexp New Member

Share This Page