I am having an issue with UFW and ISPConfig. When I set up the server like the Perfect Server Howto for Debian (the only deviation from it is that I am using 3 servers; one for Web, DB, and Mail, the other two are DNS servers), I was able to create firewall rules for the server. I was troubleshooting an issue and disabled the firewall through ISPConfig. I confirmed it was disabled by running "ufw status", which returned inactive. When I was ready to enable the firewall I checked the box to make it active and now I can't access the server remotely. All the ports are blocked including SSH, ISPConfig web site, and any other ports that I had open. The only way I have found to fix the issue is to delete the firewall entry in ISPConfig, purge UFW from the system, clear out any chains in iptables left over, and open it wide up. Then I can reinstall UFW and set up the firewall rules in ISPConfig and it appears to set it up correctly (in that the ports are working). Any thoughts on why this is happening? iptables -L (similar on the other two servers, just fewer ports opened)
Any news? I have the same error on a virtual machine (KVM on Proxmox); the VM has Debian 8.5 & ISPConfig, both up to date. I've removed the firewall rules, switched to ufw and activated the rules, and all ports are blocked (apache, ssh…). If I run "ufw status":
Code:
Status: active

To                         Action      From
--                         ------      ----
20/tcp                     ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
53/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
110/tcp                    ALLOW       Anywhere
143/tcp                    ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
587/tcp                    ALLOW       Anywhere
993/tcp                    ALLOW       Anywhere
995/tcp                    ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
8081/tcp                   ALLOW       Anywhere
10000/tcp                  ALLOW       Anywhere
53/udp                     ALLOW       Anywhere
3306/udp                   ALLOW       Anywhere
20/tcp                     ALLOW       Anywhere (v6)
21/tcp                     ALLOW       Anywhere (v6)
22/tcp                     ALLOW       Anywhere (v6)
25/tcp                     ALLOW       Anywhere (v6)
53/tcp                     ALLOW       Anywhere (v6)
80/tcp                     ALLOW       Anywhere (v6)
110/tcp                    ALLOW       Anywhere (v6)
143/tcp                    ALLOW       Anywhere (v6)
443/tcp                    ALLOW       Anywhere (v6)
587/tcp                    ALLOW       Anywhere (v6)
993/tcp                    ALLOW       Anywhere (v6)
995/tcp                    ALLOW       Anywhere (v6)
3306/tcp                   ALLOW       Anywhere (v6)
8080/tcp                   ALLOW       Anywhere (v6)
8081/tcp                   ALLOW       Anywhere (v6)
10000/tcp                  ALLOW       Anywhere (v6)
53/udp                     ALLOW       Anywhere (v6)
3306/udp                   ALLOW       Anywhere (v6)

I must disable the firewall to have access to the server again.
I tried with Debian 8.5 & Ubuntu 16.04 with ISPConfig 3.1RC1 & ISPConfig 3.1-dev with no success. ISPConfig recognizes UFW, but when I set a rule from the web panel, the rules are not applied...
I just tested it today with 3.1dev and rules get properly applied in UFW, so there is no problem in the ispconfig code. Maybe you missed enabling the firewall during installation? Check in /usr/local/ispconfig/server/plugins-enabled/ if the firewall plugin is enabled there. Here is the debug output from today which shows that UFW rules get applied properly:
Code:
18.08.2016-07:09 - DEBUG - Calling function 'insert' from plugin 'firewall_plugin' raised by event 'firewall_insert'.
18.08.2016-07:09 - DEBUG - ufw allow 20/tcp
18.08.2016-07:09 - DEBUG - ufw allow 21/tcp
18.08.2016-07:09 - DEBUG - ufw allow 22/tcp
18.08.2016-07:09 - DEBUG - ufw allow 25/tcp
18.08.2016-07:09 - DEBUG - ufw allow 53/tcp
18.08.2016-07:09 - DEBUG - ufw allow 80/tcp
18.08.2016-07:09 - DEBUG - ufw allow 110/tcp
18.08.2016-07:09 - DEBUG - ufw allow 143/tcp
18.08.2016-07:09 - DEBUG - ufw allow 443/tcp
18.08.2016-07:09 - DEBUG - ufw allow 587/tcp
18.08.2016-07:09 - DEBUG - ufw allow 993/tcp
18.08.2016-07:09 - DEBUG - ufw allow 995/tcp
18.08.2016-07:09 - DEBUG - ufw allow 3306/tcp
18.08.2016-07:09 - DEBUG - ufw allow 8080/tcp
18.08.2016-07:09 - DEBUG - ufw allow 8081/tcp
18.08.2016-07:09 - DEBUG - ufw allow 10000/tcp
18.08.2016-07:09 - DEBUG - ufw allow 53/udp
18.08.2016-07:09 - DEBUG - ufw allow 3306/udp
18.08.2016-07:09 - DEBUG - Starting the firewall
18.08.2016-07:09 - DEBUG - Processed datalog_id 527
Hello, I have tried the installation another time:
# ufw status
Status: active
# php -q install.php
. . .
Configuring Ubuntu Firewall
. . .
Restarting services ...
Installation completed.
# ufw status
Status: active
There is no firewall plugin in /usr/local/ispconfig/server/plugins-enabled. It does not work...
@till what kind of configuration do you use for testing? Operating system and UFW version .... I followed this with no success: https://www.howtoforge.com/tutorial...l-pureftpd-bind-postfix-doveot-and-ispconfig/
I've tested this on Debian 8 and Ubuntu 16.04 with the UFW versions that ship with that OS at the moment.
OK, I think the problem is in the permissions of the UFW folder; if I try to change them to 777, ISPConfig upgrades ufw.conf, user.rules, user6.rules and enables ufw.
ISPConfig runs the ufw command as root user to add and remove ports; it does not touch ufw.conf or any other ufw config file directly.
Problem solved! I followed these steps: create a symlink to the firewall plugin from plugins-available in /usr/local/ispconfig/server/plugins-enabled. Go to the firewall settings web page and enable the firewall; I needed to remove ALL default rules and keep only one rule (for example, I added only port 22 tcp), and save the configuration. After this, I disabled ufw from the shell and edited the firewall configuration from the ISPConfig web interface: I added all ports 20,21,22,25,53,80,110,143,443,587,993,995,3306,8080,8081,10000 tcp and 53 udp and saved the configuration. The files user.rules and user6.rules were correctly updated with the new settings. After this, I re-enabled the firewall from the shell: ufw enable. All works now. I don't know why the installer doesn't add the firewall plugin to plugins-enabled (in both installations, Debian and Ubuntu, ufw was installed).
Hello, today I wanted to open a port and got the same problems. The port won't open. But to be sure, I want to ask if that's the same problem for ufw as yours. The status says inactive, in the panel the firewall is active and the default ports are open - right? So is that the same behavior as yours, and is the correct way as nanni85 described?
I got the same error. The firewall_plugin link isn't created during installation.
Worked with Ubuntu 16.04.1 LTS - ufw 0.35 - Perfect Server Howto
For others as reference: If the firewall service is not activated on one of your machines, do the following:
1. Install ufw firewall
2. Enable ufw firewall (ufw enable)
3.
# cd /usr/local/ispconfig/server/plugins-enabled/
# ln -s /usr/local/ispconfig/server/plugins-available/firewall_plugin.inc.php ./firewall_plugin.inc.php
4. Create a firewall record for the server in ISPConfig (or remove and create a new one if already existing)
5. Check on the "new" server if everything is fine: ufw status
Thanks Till, keep up your excellent work! The new interface is really smart. On tablets too.
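A check for the state this thread keeps running into, as an added example that is not part of any post or of ISPConfig itself: it confirms that the firewall_plugin.inc.php symlink resolves, that ufw reports active, and that the ports needed for remote access have ALLOW rows in `ufw status`. The function names and the choice of 22/tcp and 8080/tcp are assumptions; the parser expects the plain `ufw status` layout quoted earlier in the thread.

```shell
#!/bin/sh
# Added example: verify the ISPConfig/UFW state described in this thread.
# Paths are the ones quoted in the posts; function names are hypothetical.
ISPC_SERVER=${ISPC_SERVER:-/usr/local/ispconfig/server}

# plugin_linked DIR: true only if DIR/plugins-enabled/firewall_plugin.inc.php
# is a symlink whose target exists (a dangling link counts as missing).
plugin_linked() {
    link="$1/plugins-enabled/firewall_plugin.inc.php"
    [ -L "$link" ] && [ -e "$link" ]
}

# missing_ports STATUS PORT...: print every PORT (e.g. 22/tcp) that has no
# IPv4 "ALLOW Anywhere" row in the given `ufw status` text.
missing_ports() {
    st=$1; shift
    for p in "$@"; do
        printf '%s\n' "$st" | awk -v want="$p" '
            $1 == want && $2 == "ALLOW" && $3 == "Anywhere" && NF == 3 { ok = 1 }
            END { exit !ok }' || echo "$p"
    done
}

# verify_firewall DIR STATUS PORT...: report problems; return 0 only if the
# plugin is linked, ufw is active, and every PORT is allowed.
verify_firewall() {
    dir=$1; st=$2; shift 2; rc=0
    plugin_linked "$dir" || { echo "firewall plugin not linked in $dir/plugins-enabled"; rc=1; }
    case $st in
        "Status: active"*) ;;
        *) echo "ufw is not active"; rc=1 ;;
    esac
    for p in $(missing_ports "$st" "$@"); do
        echo "no ALLOW rule for $p"; rc=1
    done
    return $rc
}

# Live check (run as root): sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    verify_firewall "$ISPC_SERVER" "$(ufw status)" 22/tcp 8080/tcp
fi
```

Run it from a console session or an existing SSH login right after saving the firewall record, so a missing 22/tcp row is caught before that session is closed.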
@cat1510, what 3.1 code did you install, git-stable, 3.1rc2, or something older? There have been enough people having this problem (missing firewall_plugin.inc.php symlink) that I imagine there is some scenario that's not caught by the installer. Maybe not having ufw when running ispconfig installer, and adding it later is the problem (ie. maybe the updater doesn't catch that ufw is available and creates the symlink). For sure if you say 'yes' to enable the firewall service, you don't want it silently running without a firewall.
Hi, first I used 3.1rc2. Later git-stable by: wget -O ispconfig.tar.gz https://git.ispconfig.org/ispconfig/ispconfig3/repository/archive.tar.gz?ref=stable-3.1 regards. CAT
Today I installed the stable ISPConfig 3 (which happened to be 3.1) on a fresh Debian 8.6 install. After everything was configured I noted the iptables output was not correct - fail2ban rules were listed but nothing else. As others have reported here I found there was not a symlink to firewall_plugin.inc.php. Should there also be a symlink to iptables_plugin.inc.php? I linked firewall_plugin.inc.php and then recreated my firewall rule to find myself locked out. Not sure what happened and not much useful was output to ispconfig debug log.