Firewall: Allow [port] from [host]

Discussion in 'Installation/Configuration' started by frakman, Feb 12, 2015.


Would you like more options for the firewall?

  1. yes

    1 vote(s)
  2. no

    0 vote(s)
  3. firewall?

    0 vote(s)
  1. frakman

    frakman New Member


    I'm about to setup ISP in a multiserver setup. For this I'm going to follow this guide.
    I am troubled with the ISPConfig firewall. It either blocks ports or it allows ports. It is also not clear to me how the firewalling is done. Is it using iptables or another means?
    I need to setup very specific rules.
    Example: The mysql server only needs to talk to servers in the setup, and not to any other servers or clients requesting access or trying to force access. So I want to allow port 3306 only to the servers I specify. Perfectly possible in IPtables, but not in the ISPConfig firewall.

    Does ISPConfig use IPtables? If yes, does ISP config overwrite the existing rules or make additional rules?
    If no, what system does ISPConfig use, and can I make changes outside of ISPConfig?

    Would it be better to disable the ISPConfig firewall in order to achieve my goal, or is there a convenient work-around?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The default ispconfig firewall is bastille firewall, a set of scripts for iptables. bastille can be extended by adding rules manually to a script, there are some pots abot that here in the forum. ispconfig supports also ufw firewall if you need a more advanced firewall. Or you turn off the firewall in ispconfig completely and install whatever firewall you want to use.
  3. frakman

    frakman New Member

    Hey Till,
    Thanks for your quick reply. I will have a look at Bastille later and see if it will fit the bill.

Share This Page