Service 'firewall_server' disabled

Discussion in 'General' started by ChuckSC, Oct 26, 2016.

  1. ChuckSC

    ChuckSC New Member

    Hello everyone,

    While updating ISPConfig today, I saw this:
    Code:
    [...]
    Reconfigure Permissions in master database? (yes,no) [no]: yes
    Service 'firewall_server' has been detected (currently disabled) do you want to enable and configure it?  (yes,no) [no]:
    [...]
    I'm unsure what this is about. Could you please tell me what "firewall_server" is supposed to do? I initially followed the instructions to install "the perfect server", so I'm wondering if I missed something and if I should consider activating it.

    And just to let you guys know, it's a multiserver install on Debian Jessie with 2 servers running all services.
    Any comments and advice welcome. Thanks!
     
  2. florian030

    florian030 ISPConfig Developer

    The firewall-service is currently not enabled on your server and you can activate this with "yes" during the update. Older versions didn't show such a warning and left the service inactive.
     
  3. Jesse Norell

    Jesse Norell Well-Known Member

    The 'server' in firewall_server is probably misleading; it's simply the piece that makes the firewall/port changes in the system after you set them in ISPConfig. I.e., without it enabled, you could add some ports to your server under System > Firewall, and nothing would actually change in your iptables rules; with it enabled, the changes should show up in iptables.
     
  4. ChuckSC

    ChuckSC New Member

    Thank you for your answers guys.

    I assume it might be best to activate it next time I'm updating ISPConfig. As I understand, Bastille should be installed, but should I also install anything else (additional packages) to ensure it works? Right now it looks like it works fine:

    [IMG]

    [IMG]
     
  5. Jesse Norell

    Jesse Norell Well-Known Member

    Your images aren't showing for me. I would ditch bastille and install ufw personally, but if you only use ipv4 it will do the job.
     
  6. Entangled

    Entangled Member

    Hello,
    I finally got around to updating from 3.0.5P9 to 3.1.2. I have upgraded the CP and 3 Apache webservers. On the second update, I got this message:

    Service 'firewall_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]:

    And I replied 'no'.

    Question: how do I enable the 'firewall_server'?

    I cannot rerun the update because it has already been updated. I cannot find 'enable' firewall in the CP anywhere I have looked.

    Thank you.

    Craig
     
  7. ahrasis

    ahrasis Active Member

    For me, you can always rerun the update but have to opt for git-stable (3.1dev) for this round. You can revert back to 3.1.2 (opt for stable) if you want to run the update again. I think the ISPC install / update changes the firewall file(s) to be able to manage it properly; as such, I am not so sure if there is any other way, except if you know what file(s) ISPC is changing and how during that process.
     
  8. Entangled

    Entangled Member

    Thanks for the reply, but there's got to be another way of enabling the firewall without doing a Dev update then doing a Stable update. I grepped the ISPConfig looking for a 'flag' to set but there are too many 'hits' to figure out what file to pop. And if I popped it by hand on the Web server, it wouldn't tell the CP that the Firewall is enabled, so a config change could wipe out my change.
     
  9. Jesse Norell

    Jesse Norell Well-Known Member

    You can re-run the update.php script manually: just download the tar archive, unpack it and run "php update.php" from the install/ directory. For your case of updating stable it's even easier, just run:
    Code:
    /usr/local/ispconfig/server/scripts/update_stable.sh
     
  10. Entangled

    Entangled Member

    Thanks for the reply.

    I ran: /usr/local/ispconfig/server/scripts/update_stable.sh ... and:

    Service 'firewall_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]: yes

    I waited for a while, iptables -L still showed the basic. I rebooted. Same thing: no firewall rules. I reran the update. Same thing.

    I added an Open Port 53 to the list ... iptables -L now shows the Firewall so I have removed port 53 from the list ... Firewall still shows.

    I have since rebooted to make sure the Firewall comes up ... it does.

    Appreciate the help.

    Thank you.
     
    Last edited: Apr 25, 2017
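
Added example, not part of the thread and not ISPConfig's own code: a shell check for the situation described in posts 3 and 10, where ports are set under System > Firewall but the iptables rules may not reflect them. It assumes rules in `iptables -S` format with one `--dport` per rule; the function names, the sample rulesets and the port list are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: ruleset after the firewall settings were applied.
sample_applied() { cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
EOF
}

# Constructed sample: the "basic" state, default policies and no rules.
sample_basic() { cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
EOF
}

# Reads `iptables -S` text on stdin; succeeds when no rule has been appended.
ruleset_is_empty() { ! grep -q '^-A '; }

# missing_tcp_ports "22 80 443": reads `iptables -S` text on stdin and prints
# the listed TCP ports that have no ACCEPT rule. Assumption: one --dport per
# rule; multiport (--dports) rules are not parsed.
missing_tcp_ports() {
    rules=$(cat)
    missing=""
    for port in $1; do
        printf '%s\n' "$rules" |
            grep -Eq -- "^-A .*-p tcp .*--dport $port( .*)? -j ACCEPT" ||
            missing="$missing $port"
    done
    echo "${missing# }"
}

# Demonstration on the constructed samples.
# Live use, as root: iptables -S | missing_tcp_ports "22 80 443"
if sample_basic | ruleset_is_empty; then echo "basic sample: no rules loaded"; fi
echo "basic sample, missing ports: [$(sample_basic | missing_tcp_ports '22 80 443')]"
echo "applied sample, missing ports: [$(sample_applied | missing_tcp_ports '22 80 443')]"
```
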
  11. florian030

    florian030 ISPConfig Developer

    The db_server has nothing to do with a firewall....
     
  12. Entangled

    Entangled Member

    You are correct.

    I failed to change the message. My mistake has been edited out.

    Thanks for pointing that out.
     
