Hey guys, I am pretty new to Linux in general but I really like ISPConfig so we are using that for a few services... I set up a VM and followed this guide exactly: http://www.howtoforge.com/perfect-server-debian-squeeze-with-bind-and-dovecot-ispconfig-3 so now that everything is set up, I need to put together the strictest firewall that I can while still giving myself access to the necessary ports. I really despise the firewall configurator that you get to by browsing to System -> Firewall -> Basic. As far as I can see, all you can do is open or close ports with it, which is not going to be flexible enough for me. I got excited when I hit the Monitor tab: at the very bottom, you can hit "show IPTables" and it will show you the iptables rules that are in effect. I want to add and modify rules to this file with the iptables commands that I know how to write. Here's what is there now:

-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N INT_IN
-N INT_OUT
-N PAROLE
-N PUB_IN
-N PUB_OUT
-N fail2ban-dovecot-pop3imap
-N fail2ban-pureftpd
-N fail2ban-ssh
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 208.66.47.19/32 -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -p tcp -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 224.0.0.0/4 -j DROP
-A INPUT -i eth+ -j PUB_IN
-A INPUT -i ppp+ -j PUB_IN
-A INPUT -i slip+ -j PUB_IN
-A INPUT -i venet+ -j PUB_IN
-A INPUT -i bond+ -j PUB_IN
-A INPUT -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -o eth+ -j PUB_OUT
-A OUTPUT -o ppp+ -j PUB_OUT
-A OUTPUT -o slip+ -j PUB_OUT
-A OUTPUT -o venet+ -j PUB_OUT
-A OUTPUT -o bond+ -j PUB_OUT
-A INT_IN -p icmp -j ACCEPT
-A INT_IN -j DROP
-A INT_OUT -p icmp -j ACCEPT
-A INT_OUT -j ACCEPT
-A PAROLE -j ACCEPT
-A PUB_IN -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A PUB_IN -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A PUB_IN -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A PUB_IN -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A PUB_IN -p tcp -m tcp --dport 20 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 21 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 22 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 25 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 53 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 80 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 110 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 143 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 443 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 993 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 995 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 3306 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 8080 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 8081 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 10000 -j PAROLE
-A PUB_IN -p udp -m udp --dport 53 -j ACCEPT
-A PUB_IN -p udp -m udp --dport 3306 -j ACCEPT
-A PUB_IN -p icmp -j DROP
-A PUB_IN -j DROP
-A PUB_OUT -j ACCEPT
-A fail2ban-dovecot-pop3imap -j RETURN
-A fail2ban-pureftpd -j RETURN
-A fail2ban-ssh -j RETURN

But of course I want to only allow HTTP/HTTPS to clients, and restrict every other service to only a couple of source addresses that we use for administration.
So I assume this iptables rule file is just a text file somewhere that I can get to? But where? Also, I want to learn more about fail2ban and how I can permanently ban repeat offenders. Thanks!
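As an added example (not code from the post or from ISPConfig), here is a small Python audit that walks a listing like the one above the way iptables does, first match wins, with INPUT jumping into PUB_IN and PAROLE, and reports the ports on which a new connection from a given source reaches ACCEPT; the ruleset below is a constructed excerpt of the quoted one, the probe addresses are assumptions, and interface, conntrack-state and ICMP matching is deliberately left out. Run over this excerpt it shows 3306 reachable from any source, and the admin-only port-22 ACCEPT shadowed by the unconditional REJECT listed before it.

```python
import re
from ipaddress import ip_address, ip_network
# Constructed excerpt of the `iptables -S` listing in the post: INPUT path for a new connection on the public interface.
RULESET = """
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 208.66.47.19/32 -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -i eth+ -j PUB_IN
-A PAROLE -j ACCEPT
-A PUB_IN -p tcp -m tcp --dport 22 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 80 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 3306 -j PAROLE
-A PUB_IN -p udp -m udp --dport 53 -j ACCEPT
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def opt(rule, flag):  # value of a one-argument option (-A, -p, -s, -j, --dport); None if absent
    m = re.search(r"(?:^|\s)" + re.escape(flag) + r" (\S+)", rule)
    return m.group(1) if m else None

def parse(ruleset):  # built-in policies, plus each chain's rules in listing order (order is the point)
    policy, chains = {}, {}
    for line in ruleset.strip().splitlines():
        if line.startswith("-P "):
            policy[line.split()[1]] = line.split()[2]
        else:
            chains.setdefault(opt(line, "-A"), []).append(line)
    return policy, chains

def matches(rule, proto, dport, src):
    # Match a new (SYN) packet to proto/dport from src on -p, --dport and -s only; -i eth+ is assumed to hit (public eth0).
    if opt(rule, "-p") not in (None, proto) or opt(rule, "--dport") not in (None, str(dport)):
        return False
    net = opt(rule, "-s")
    return net is None or ip_address(src) in ip_network(net, strict=False)

def verdict(policy, chains, chain, proto, dport, src):
    # First match wins; a user-chain jump recurses, and if that chain falls off its end (or RETURNs) we continue here.
    for rule in chains.get(chain, []):
        if matches(rule, proto, dport, src):
            target = opt(rule, "-j")
            if target in TERMINAL:
                return target
            if target in chains and (sub := verdict(policy, chains, target, proto, dport, src)):
                return sub
    return policy.get(chain)  # built-in policy is the last resort (None for a user chain)

def exposed(ruleset, src, ports=(("tcp", 22), ("tcp", 80), ("tcp", 3306), ("tcp", 8443), ("udp", 53))):
    policy, chains = parse(ruleset)  # ports on which a new connection from src reaches ACCEPT
    return [p for p in ports if verdict(policy, chains, "INPUT", *p, src) == "ACCEPT"]
```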
The firewall rules you see are generated by ISPConfig's firewall (plus a few fail2ban rules). I don't know if you can achieve what you want with that firewall; however, you can check out its configuration - it's in the /etc/Bastille directory.