UFW Firewall

Discussion in 'Installation/Configuration' started by Ilko, Jan 19, 2016.

  1. Ilko

    Ilko New Member

    Greetings,

    I need UFW firewall instead of Bastille, it is just that, bastille is too basic, it does not support IPv6 and you must edit IP tables directly for basic tasks like block IP, or unblock IP. I personally do not have problems working with IP tables, but if you have client, or support (for example) who have not idea what he/she is doing they almost everytime brake something, or block all access to their server not intentionally.

    So, I looked over this forum and google how to repace bastille with UFW, but I found only 1 old thread, which was not complete. Can you please let me know a good guide to replace bastille with UFW and make it work with ISPconfig3 as well.

    Thank you in advance,
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    1) remove the firewall in ispconfig.
    2) stop the bastille firewall with its init scripts and disable it from starting automatically.
    3) install ufw.
    4) set firewall type from bastille to ufw under system > server config
    5) add the firewall in ispconfig again.
     
  3. jar240

    jar240 New Member

    Hi till.

    When you say "remove the firewall in ispconfig", what are the exact steps? What is the difference between steps #4 and #5?

    Thanks!
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Login to ispconfig, go to System > Firewall and click on the delete button of the firewall record of that server in the list.
     
    jar240 likes this.
  5. rob_morin

    rob_morin Member

    How can I allow ssh only from certain IPs rather than the whole world?? From within ispconfig control panel. I am using ufw.
     
  6. Jesse Norell

    Jesse Norell Well-Known Member

    You can't from the ispconfig gui. That feature request is https://git.ispconfig.org/ispconfig/ispconfig3/issues/3717 You can do this manually though, eg:
    Code:
    ufw allow from 10.20.30.0/24 to any port 22
     
    ahrasis likes this.
  7. rob_morin

    rob_morin Member

    Thanks for the info!
     

Share This Page