I am working on getting my servers and VMs IPv6 ready. Because bastille does not support IPv6 I have to change to UFW which should be supportet by 3.0.5. Which steps do I have to proceed to successfully replace bastille with UFW and getting it updated by ISPConfig?
I havent tested this, but it should work like this: 1) disable the firwall record in ispconfig to stop bastille. 2) Install ufw 3) run a ispconfig update with reconfigure services 4) set firewall type to ufw in ispconfig and enable the firewall record again.
I think 3) is not needed. But anyway, the ufw version must be 0.30 or newer (@Till: why?) and thus the default package of Debian Squeeze cannot be used.
If I follow these steps without step 3 I'm no longer able to connect through ssh despite this port is set to be open. Or could it be that fail2ban is not working correctly with ufw? I will try to change with performing step 3. By the way. If you change your server firewall and the state within one update cycle of ISPConfig i.e. in a short period it will first update the firewall status and then the server config. So if you change from Bastille to UWF and you switch it off and wait (until the job queue is finished). And then change the config en status it will activate Bastille again instead of UWF. Bottom line… wait until the server config is updated and then change firewall status.
Ok, i ran the updater like step 3 mentioned but it does not seem to configure ufw. Only Bastille is mentioned while reconfiguring. I switched off fail2ban as well (beforehand), but still I'm not able to connect through SSH after enabling UFW. Same settings with Bastille work fine. Multiserver Ubuntu setup btw.
