Where are the firewall rules?

Discussion in 'Installation/Configuration' started by vaio1, Nov 21, 2009.

  1. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    Hi Till and Falko,

    is the firewall bastille works in the ISPConfig 2 in a CentOS system?

    Code:
    # iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination 
    
    Where are the firewall rules?

    thanks
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Did you start the firewall in ISPConfig (Management > Server > Services)?
     
  3. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    yes Falko, but I think that it is open to all the connections! :eek:
    Furthermore how can avoid the DOS attack if we cannot edit or improve the rules?
     
  4. falko

    falko Super Moderator ISPConfig Developer

    And what's the output of
    Code:
    iptables -L
    now?
     
  5. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    The same!

    Code:
    # iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination  
    
     
  6. falko

    falko Super Moderator ISPConfig Developer

    What are the outputs of
    Code:
    ls -la /root/ispconfig/
    and
    Code:
    ps aux | grep wconf
    ?
     
  7. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    Code:
    # ps aux | grep wconf
    root     13723  0.0  0.0   3924   688 pts/0    SN+  15:21   0:00 grep wconf
    root     16848  0.0  0.0   4492  1024 ?        SN   Nov15   0:07 /bin/bash /root
    Code:
    # ls -la /root/ispconfig/
    total 108
    drwxr-xr-x 10 root root  4096 Nov 24 09:56 .
    drw--wx-wx  8 root root  4096 Nov 18 20:59 ..
    -rwxr-xr-x  1 root root 33074 Nov  4 20:31 cronolog
    -rwxr-xr-x  1 root root  9673 Nov  4 20:31 cronosplit
    drwxr-xr-x 12 root root  4096 Nov  4 20:23 httpd
    drwxr-xr-x 16 root root  4096 Nov  4 20:31 isp
    drwxr-xr-x  7 root root  4096 Nov  4 20:23 libmcrypt
    -rw-r--r--  1 root root     8 Nov 24 09:56 .old_path_httpd_root
    drwxr-xr-x  6 root root  4096 Nov  4 20:22 openssl
    drwxr-xr-x  6 root root  4096 Nov  4 20:28 php
    drwxr-xr-x  4 root root  4096 Nov 15 23:59 scripts
    drwxr-xr-x  4 root root  4096 Nov  4 20:31 standard_cgis
    drwxr-xr-x  2 root root  4096 Nov  4 20:31 sv
    -rwx------  1 root root  9389 Nov  4 20:31 uninstall
    
    
     
  8. falko

    falko Super Moderator ISPConfig Developer

    Can you restart ISPConfig...
    Code:
    /etc/init.d/ispconfig_server restart
    ... and post the output of
    Code:
    ps aux | grep wconf
    again?
     
  9. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    Yes, it was restarted
    Code:
    # ps aux | grep wconf
    root      2782  0.0  0.0   4492  1052 pts/1    SN   16:28   0:00 /bin/bash /root/ispconfig/sv/ispconfig_wconf
    root      2966  0.0  0.0   3928   680 pts/1    RN+  16:28   0:00 grep wconf
    
     
  10. falko

    falko Super Moderator ISPConfig Developer

    Ok, can you try to start the firewall again?

    Make sure that SELinux is disabled on your system?
     
  11. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    Ok at the moment seems that it work:

    Code:
    # iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    DROP       tcp  --  anywhere             127.0.0.0/8         
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
    ACCEPT     all  --  anywhere             anywhere            
    DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere            
    PUB_IN     all  --  anywhere             anywhere            
    PUB_IN     all  --  anywhere             anywhere            
    PUB_IN     all  --  anywhere             anywhere            
    PUB_IN     all  --  anywhere             anywhere            
    DROP       all  --  anywhere             anywhere            
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
    DROP       all  --  anywhere             anywhere            
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    PUB_OUT    all  --  anywhere             anywhere            
    PUB_OUT    all  --  anywhere             anywhere            
    PUB_OUT    all  --  anywhere             anywhere            
    PUB_OUT    all  --  anywhere             anywhere            
    
    Chain INT_IN (0 references)
    target     prot opt source               destination         
    ACCEPT     icmp --  anywhere             anywhere            
    DROP       all  --  anywhere             anywhere            
    
    Chain INT_OUT (0 references)
    target     prot opt source               destination         
    ACCEPT     icmp --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    
    Chain PAROLE (10 references)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             anywhere            
    
    Chain PUB_IN (4 references)
    target     prot opt source               destination         
    ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable 
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply 
    ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded 
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-request 
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp 
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh 
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp 
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain 
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http 
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns 
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3 
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap 
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https 
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ndmp 
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
    DROP       icmp --  anywhere             anywhere            
    DROP       all  --  anywhere             anywhere            
    
    Chain PUB_OUT (4 references)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             anywhere            
    You have new mail in /var/spool/mail/root
    
    how can I avoid the Treason uncloaked?
    Is there a way to use the connlimit option or the iptables, the ipt_limit ?
     
    Last edited: Nov 27, 2009

Share This Page