My webserver was compromised, and whilst I move sites over to a new one I need to block all outgoing SMTP. This is because trojans are sending out hundreds of thousands of emails. I've added a new rule to IPTables DROP tcp -- anywhere anywhere tcp dpt:smtp Should I just use iptables-persistent package in Debian Wheezy to make this rule stick after reboot?
The only part that uses iptables in ISPConfig is the bastille firewall script. You can e.g. add your iptables command to the /etc/rc.local file so that it gets executed at boot time.
Any feedback on CSF firewall. We added that along with log monitor + lfd, just wanted to make sure there are no compatibility issues and now that I think about it I am also wondering if this is/was the reason my Billing Module -> PayPal -> Return Success Paid -> would not work correctly but I'll give it another run with Firewall OFF and make sure my PayPal has "Development" status, off-topic but sort of related.
You may use any firewall with ispconfig. Just dont add a firewall record in ISPConfig then. I cant tell you if your CSF rules interfere witth paypal IPN messages.