UFW problem after latest update (3.0.5.4p9)

Discussion in 'Installation/Configuration' started by philgardner, Apr 1, 2016.

  1. philgardner

    philgardner Member

    My development server (Ubuntu 14.04 64-bit) was running fine with ISPConfig 3.0.5.4p8 and UFW; I had changed from Bastille and uninstalled it some time ago. In ISPConfig server configuration the firewall was correctly set to ufw, and the firewall record was active and working.

    I have just updated ISPConfig to version 3.0.5.4p9 by running ispconfig_update.sh and accepting the defaults. There were no errors, but during the update I was alarmed to see that the script said "Configuring Bastille" even though Bastille does not exist. Afterwards I couldn't access the server via ssh or the web interface – the only way I can get in is to disable UFW from the server console.

    How can I resolve this problem? I'd be very grateful for support on this.

    Thanks, Phil
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Which firewall is selected under System > Server config at the moment? Bastille or UFW?
     
  3. philgardner

    philgardner Member

    It's still UFW.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Stop bastille with its init script (but don't remove it as it will get reinstalled then as it is a part of each ispconfig setup) and then disable it with insserv, then try to start ufw again.
     
  5. philgardner

    philgardner Member

    Ah, I didn't realise that ISPConfig reinstalls bastille! I've stopped it, but I'm not sure how to disable it with insserv, and there are scary warnings in the manual page against executing insserv directly unless you know what you're doing - which I don't.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    You can also use the update-rc.d command instead of insserv if you don't want to run insserv directly.

    update-rc.d -f bastille-firewall remove
     
  7. philgardner

    philgardner Member

    Thank you. I've done that, and then re-enabled ufw, but the problem is the same as before - the firewall is blocking the sshd port and 8080, and presumably all the others as well. I shall try rebooting the server ...
     
  8. philgardner

    philgardner Member

    No, still the same problem, I'm afraid.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    You can use the UFW commands to check if the correct ports are open in its configuration.
     
  10. philgardner

    philgardner Member

    $ sudo ufw status verbose
    Status: active
    Logging: on (low)
    Default: deny (incoming), allow (outgoing), disabled (routed)
    New profiles: skip

    It seems that UFW is using its default rules and is ignoring those set by ISPConfig. I could of course set the rules manually as a workaround, but I'd rather get it working properly!
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to disable the firewall record in ispconfig and then enable it again, this should force the rules to be inserted in ufw again.
     
  12. philgardner

    philgardner Member

    Thank you. It was a bit tricky, as I had to disable ufw in the console in order to access the ISPConfig control panel. I did this:
    $ sudo ufw disable
    [made ISPConfig firewall inactive]
    $ sudo ufw enable
    [wait]
    $ sudo ufw disable
    [made ISPConfig firewall active]
    $ sudo ufw enable

    It's now working – I can access all the required services externally. The odd thing is, the rules still don't show up in ufw:
    $ sudo ufw status verbose
    Status: active
    Logging: on (low)
    Default: deny (incoming), allow (outgoing), disabled (routed)
    New profiles: skip

    But I'm not going to worry now it's working. Thank you for all your help.
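
An added example, not part of the thread or of ISPConfig: a shell check that reads `ufw status verbose` output like that posted above and reports which required ports have no ALLOW rule while the default incoming policy is deny. The port numbers (22 as the sshd port, 8080 for the control panel) and the sample output containing rules are assumptions constructed for illustration; the check only reflects what ufw itself reports.

```shell
#!/bin/sh
# Added example: flag a UFW state that would lock out remote admin access,
# given the text printed by `ufw status verbose`.

# Print the required ports that have no ALLOW rule in the given status text.
missing_ports() {
    status_text=$1; shift
    missing=""
    for port in "$@"; do
        # Rule rows look like "22/tcp   ALLOW IN   Anywhere"; match a bare
        # port or port/tcp in column 1 with ALLOW in column 2.
        if ! printf '%s\n' "$status_text" | awk -v p="$port" '
            $2 == "ALLOW" && ($1 == p || $1 == p "/tcp") { found = 1 }
            END { exit !found }'; then
            missing="$missing $port"
        fi
    done
    echo "${missing# }"
}

# Succeed (exit 0) when UFW is active, denies incoming by default, and at
# least one required port is missing: the state seen in this thread.
lockout_risk() {
    printf '%s\n' "$1" | grep -q '^Status: active' || return 1
    printf '%s\n' "$1" | grep -q '^Default: deny (incoming)' || return 1
    [ -n "$(missing_ports "$@")" ]
}

# Output as posted in the thread: active, default deny, no rule rows.
THREAD_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip'

# Constructed sample of the same output once rules are present.
RULES_STATUS="$THREAD_STATUS

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere"

# Ports 22 (assumed sshd port) and 8080 (control panel) are assumptions.
for sample in "$THREAD_STATUS" "$RULES_STATUS"; do
    if lockout_risk "$sample" 22 8080; then
        echo "RISK: no ALLOW rule for: $(missing_ports "$sample" 22 8080)"
    else
        echo "OK: required ports allowed or firewall not enforcing"
    fi
done
```

On a live server the first argument would be the captured output of `ufw status verbose`, checked from the console before logging out.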
     
  13. exyfeplin

    exyfeplin New Member

    I've just installed a new server with Ubuntu 16.04 and the latest ISPConfig 3.1dev. I installed UFW according to the "perfect server" instructions.
    My server configuration says that the firewall is ufw, and I have a firewall record that I have already recreated a few times. But UFW isn't running at all, apparently:
    # ufw status verbose
    Status: inactive
    #

    How can I get ufw to run and load the proper ruleset from ISPConfig?
     
  14. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer
