Hello everyone, While updating ISPConfig today, I saw this: Code: [...] Reconfigure Permissions in master database? (yes,no) [no]: yes Service 'firewall_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]: [...] I'm unsure what this is about, could you please tell me what "firewall_server" is supposed to do? I initially followed the instructions to install "the perfect server" so I'm wondering if I missed something and if I should consider activating it? And just to let you guys know, it's a multiserver install on Debian Jessie with 2 servers running all services. Any comments and advice welcome. Thanks!
The firewall-service is currently not enabled on your server and you can activate this with "yes" during the update. Older versions didn't show such a warning and left the service inactive.
the 'server' in firewall_server is probably misleading, it's simply the piece that makes the firewall/port changes in the system after you set them in ispconfig. Ie. without it enabled, you could add some ports to your server under System > Firewall, and nothing would actually change in your iptables rules; with it enabled, the changes should show up in iptables.
Thank you for your answers guys. I assume it might be best to activate it next time I'm updating ISPConfig. As I understand, Bastille should be installed, but should I also install anything else (additional packages) to ensure it works? Right now it looks like it works fine:
Your images aren't showing for me. I would ditch bastille and install ufw personally, but if you only use ipv4 it will do the job.
Hello, I finally got around to update from 3.0.5P9 to 3.1.2. I have upgraded the CP, and 3 Apache webservers. On the second update, I got this message: Service 'firewall_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]: And I replied 'no'. Question, how do I enable the 'firewall_server'? I can no rerun the update because it is already been updated. I can not find 'enable' firewall in the CP anywhere I have looked. Thank you. Craig
For me, you can always rerun the update but have to opt for git-stable (3.1dev) for this round. You can revert back to 3.1.2 (opt for stable) if you want to run update again. I think ISPC install / update change the firewall file(s) to be able to manage it properly as such I am not so sure if there is any other way except if you know what file(s) and how ISPC is changing them during that process.
Thanks for the reply, but, there's got to be another way of enabling the firewall without doing a Dev update then doing a Stable update. I grepped the ISPConfig looking for a 'flag' to set but there are too many 'hits' to figure out what file to pop. And if I popped it by hand on the Web server, it wouldn't tell the CP that the Firewall is enabled so an config change could wipe out my change.
You can re-run the update.php script manually, just download the tar archive, unpack it and run "php update.php" from the install/ directory. For your case of updating stable it's even easier, just run: Code: /usr/local/ispconfig/server/scripts/update_stable.sh
Thanks for the reply. I ran: /usr/local/ispconfig/server/scripts/update_stable.sh ... and: Service 'firewall_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]: yes I waited for a while, iptables -L still showed the basic. I rebooted. Same thing: no firewall rules. I reran the update. Same thing. I added an Open Port 53 to the list ... iptables -L now shows the Firewall so I have removed port 53 from the list ... Firewall still shows. I have since rebooted to make sure the Firewall comes up ... it does. Appreciate the help. Thank you.
You are correct. I failed to change the message. My mistake has been edited out. Thanks for pointed that out.