Firewall. Technical details (ISPmanager)

From ISPWiki


Firewall functionality varies depending on the operating system, so it will be described for each supported operating system.

Keep in mind that any mistake made while configuring the Firewall may block your access to the server. Please be careful when using the module.

Make sure that your Firewall is up and running and is supported by the kernel.

How does the Firewall module work?

The control panel determines the list of network ports awaiting connections and looks up the corresponding service names in /etc/services.

All the filtering rules are kept in /etc/firewall.conf. When the set of firewall rules is changed, two commands are executed: the first resets the old set of rules and the second loads the new one:

ipfw flush
ipfw /etc/firewall.conf

On Linux-based operating systems, the Firewall is implemented by means of iptables. All packets from the INPUT chain are passed to a newly created ISPMGR chain.

The rules are kept in a file whose path can be specified in the path iptables option of the control panel configuration file. If the control panel is installed on CentOS, the default path for saving and reading the rules is /etc/sysconfig/iptables. If you need to load the rules into ISPmanager, execute:

/sbin/iptables-restore -c < /etc/sysconfig/iptables

If the following error occurs:

/sbin/iptables-restore -c < /etc/sysconfig/iptables
iptables-restore: line 6 failed

check whether the ISPmanager chain is declared in the file /etc/sysconfig/iptables (if not, add the line :ISPMGR - [0:0]). The file usually begins like this:

# Generated by ISPmanager install script. Original file saved to __FILE__
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ISPMGR - [0:0]
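
The declaration check described above, as an added example that is not part of the original page or of ISPmanager: a shell function that reports, by line number, every rule in an iptables-save format file that references a chain with no declaration in the same table. The function name check_chain_decls and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not ISPmanager code): report rules that reference a chain with
# no ":CHAIN POLICY [packets:bytes]" declaration in the same table.
check_chain_decls() {
    # $1: rules file in iptables-save format; awk reads it twice (two passes)
    awk '
    /^[*]/ { table = substr($1, 2) }            # "*filter" opens a table
    NR == FNR {                                 # pass 1: collect chain names
        if ($0 ~ /^#/) next
        if ($0 ~ /^:/) declared[table, substr($1, 2)] = 1
        for (i = 1; i < NF; i++)
            if ($i == "-A" || $i == "-g") ischain[table, $(i + 1)] = 1
        next
    }
    /^[#:*]/ || /^COMMIT/ || NF == 0 { next }   # pass 2: rule lines only
    {
        for (i = 1; i < NF; i++) {
            name = $(i + 1)
            ref = ($i == "-A" || $i == "-g")
            # A -j target counts as a chain only if pass 1 saw it used as one,
            # so extension targets such as REJECT or LOG are not flagged.
            if ($i == "-j" && ((table, name) in ischain)) ref = 1
            if (ref && !((table, name) in declared)) {
                printf "%d: chain %s is not declared in table %s\n", FNR, name, table
                bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$1" "$1"
}

# Constructed sample: the file shown above with the :ISPMGR line missing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j ISPMGR
-A ISPMGR -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
check_chain_decls "$sample" || echo "declare the missing chain before iptables-restore"
rm -f "$sample"
```

iptables-restore also accepts --test, which parses and constructs the rule set without committing it, so a file can be checked before it replaces the live rules.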