Bastille Firewall is legacy software which does not run on Ubuntu 10.04. Please remove it from future ISPConfig3. Thanks.
Bastille is an iptables firewall script which does everything that we need it for, so it does not matter how often it is updated as it works fine. Besides Bastille, ISPConfig supports ufw as a firewall since 3.0.5.
Firewall scripts I had to remove Bastille also from my setup because I needed some NAT - IP masquerading setup plus a fair number of ports to be forwarded. I know there are much easier firewall scripts out there such as ufw, but I am actually doing a fair amount of port forwarding and using iSCSI and other bits of black magic, and having had no choice a long time ago I had gone through the pain and suffering to get arno-iptables-firewall set up and configured. Kind of sucks 'cause I am always tempted to click on firewall from the backend, and I seem to recall at one point I actually did and this broke a nice long list of things as it tried to set up both firewalls to run. While I do wish arno-iptables-firewall could be configured through there, I accept the fact that might be asking for a bit much. Since you mention ufw being supported now, I am wondering if there is a way perhaps to turn off ispconfig3 from handling it at all? I'm gonna hate myself if I end up with yet another way I can shoot myself in the head. Thanks.
If you don't install Bastille, the ISPConfig firewall option just does not have any effect on the system's firewall. Then, you can install your own preferred firewall software. The startup script of Bastille can be manually removed or disabled.
That's what I have done. I am using a simple combination of iptables + ipset + fail2ban (with ban2sql so everything is in a MySQL database).
You did not have to remove it, as Bastille supports all kinds of custom rules. Search the forum for bastille custom and you will find several threads that explain this in detail.
Old thread but... This is the unique reason that I'm not using ispconfig at this time. CSF <- Just don't try to find something better than this. You can't! Can you install csf on a server with ispconfig? Yes, you can, but this is not fully integrated with the control panel like it's working on cpanel. CSF can do what a hardware firewall doesn't do!
Current ISPConfig versions support 2 firewalls: 1) Bastille Firewall 2) UFW Firewall. If you'd like to see CSF firewall too, then feel free to implement it and submit a patch.
Thanks for the reply. Today, I'm gonna try. If I can, I'll post a tutorial here. If I can use csf with ispconfig, cpanel is dead to me!
This does not matter at all as the Bastille script is installed together with ISPConfig, so we need neither their website nor forum. Bastille is just a script to generate iptables rules, and as long as the Linux kernel supports iptables, there are no changes in Bastille required. If you don't want to use Bastille, then install UFW. UFW is supported by ISPConfig as well.
Good news. Bastille should be gone. CSF supports modsec since v6. # lfd: (mod_security) mod_security (id:340165) triggered by xxx.xxx.xxx.xxx Bare iptables is not enough nowadays. See CSF at work. Bastille is not the same class.