After upgrading to ISPConfig 3.0.4, my firewall rules are no longer being processed. It appears my iptables are gone back to Ubuntu defaults (10.04) and any changes I make in ISPConfig are not being applied. iptables -L lists the following: Code: Chain INPUT (policy ACCEPT) target prot opt source destination fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh fail2ban-courierauth tcp -- anywhere anywhere multiport dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain fail2ban-courierauth (1 references) target prot opt source destination Chain fail2ban-ssh (1 references) target prot opt source destination RETURN all -- anywhere anywhere I have the following ports defined in ISP Config: 20,21,22,25,26,53,80,110,143,443,465,585,587,993,995,8080,10000,40110:40210 I am not even sure where to start troubleshooting. Thanks
Actually, I am getting this error: /sbin/bastille-ipchains: line 604: /sbin/ipchains: No such file or directory Shouldn't this be iptables?
I've just found the problem and fixed it in SVN. The problem is that the Bastille firewall init script doesn't detect kernel 3 and therefore thinks a kernel < 2.3 is being used. Please open /etc/init.d/bastille-firewall and replace line 61 Code: REALSCRIPT=/sbin/bastille-ipchains with Code: REALSCRIPT=/sbin/bastille-netfilter and remove this section: Code: if [ -n "$(uname -r | awk -F. ' $1 == 2 && $2 > 2 {print}')" ]; then # We are using Linux 2.3 or newer; use the netfilter script if available if [ -x /sbin/bastille-netfilter ]; then REALSCRIPT=/sbin/bastille-netfilter fi fi (lines 81 - 86)
Seems to be updating now! Thanks! So is this a problem with Bastille or was it caused by ISPConfig and I only just noticed it? Thanks!
Thats a bug in the bastille script which does not recognize linux kernels with version 3.x correctly. We will deliver a fixed bastille script with the next ispconfig release.
My firewall of ispconfig 3 is not working too Hello, firewall of my ispconfig 3 does not work too, perhaps due to the time iptables script accidentally deleted. Here view of iptables -L : Code: Chain INPUT (policy ACCEPT) target prot opt source destination fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED ACCEPT all -- 192.168.122.0/24 anywhere ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain fail2ban-ssh (1 references) target prot opt source destination RETURN all -- anywhere anywhere i have followed this instruction : and i have message : Code: ERROR: "/sbin/bastille-netfilter" not available! please help me