Service 'firewall_server' disabled

Discussion in 'General' started by ChuckSC, Oct 26, 2016.

  1. ChuckSC

    ChuckSC New Member

    Hello everyone,

    While updating ISPConfig today, I saw this:
    Code:
    [...]
    Reconfigure Permissions in master database? (yes,no) [no]: yes
    Service 'firewall_server' has been detected (currently disabled) do you want to enable and configure it?  (yes,no) [no]:
    [...]
    I'm unsure what this is about, could you please tell me what "firewall_server" is supposed to do? I initially followed the instructions to install "the perfect server" so I'm wondering if I missed something and if I should consider activating it?

    And just to let you guys know, it's a multiserver install on Debian Jessie with 2 servers running all services.
    Any comments and advice welcome. Thanks!
     
  2. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    The firewall-service is currently not enabled on your server and you can activate this with "yes" during the update. Older versions didn't show such a warning and left the service inactive.
     
  3. Jesse Norell

    Jesse Norell Active Member

    the 'server' in firewall_server is probably misleading, it's simply the piece that makes the firewall/port changes in the system after you set them in ispconfig. Ie. without it enabled, you could add some ports to your server under System > Firewall, and nothing would actually change in your iptables rules; with it enabled, the changes should show up in iptables.
     
  4. ChuckSC

    ChuckSC New Member

    Thank you for your answers guys.

    I assume it might be best to activate it next time I'm updating ISPConfig. As I understand, Bastille should be installed, but should I also install anything else (additional packages) to ensure it works? Right now it looks like it works fine:

    [​IMG]

    [​IMG]
     
  5. Jesse Norell

    Jesse Norell Active Member

    Your images aren't showing for me. I would ditch bastille and install ufw personally, but if you only use ipv4 it will do the job.
     

Share This Page