My development server (Ubuntu 14.04 64-bit) was running fine with ISPConfig 3.0.5.4p8 and UFW; I had changed from Bastille and uninstalled it some time ago. In ISPConfig server configuration the firewall was correctly set to ufw, and the firewall record was active and working. I have just updated ISPConfig to version 3.0.5.4p9 by running ispconfig_update.sh and accepting the defaults. There were no errors, but during the update I was alarmed to see that the script said "Configuring Bastille" even though Bastille does not exist. Afterwards I couldn't access the server via ssh or the web interface – the only way I can get in is to disable UFW from the server console. How can I resolve this problem? I'd be very grateful for support on this. Thanks, Phil
Stop bastille with its init script (but don't remove it as it will get reinstalled then as it is a part of each ispconfig setup) and then disable it with insserv, then try to start ufw again.
Ah, I didn't realise that ISPConfig reinstalls bastille! I've stopped it, but I'm not sure how to disable it with insserv, and there are scary warnings in the manual page against executing insserv directly unless you know what you're doing - which I don't.
You can also use update-rc.d command instead of insserv if you dont want to run insserv directly. update-rc.d -f bastille-firewall remove
Thank you. I've done that, and then re-enabled ufw, but the problem is the same as before - the firewall is blocking the sshd port and 8080, and presumably all the others as well. I shall try rebooting the server ...
$ sudo ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip It seems that UFW is using its default rules and is ignoring those set by ISPConfig. I could of course set the rules manually as a workaround, but I'd rather get it working properly!
Try to disable the firewall record in ispconfig and then enable it again, this should force the rules to be inserted in ufw again.
Thank you. It was a bit tricky, as I had to disable ufw in the console in order to access the ISPConfig control panel. I did this: $ sudo ufw disable [made ISPConfig firewall inactive] $ sudo ufw enable [wait] $ sudo ufw disable [made ISPConfig firewall active] $ sudo ufw enable It's now working – I can access all the required services externally. The odd thing is, the rules still don't show up in ufw: $ sudo ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip But I'm not going to worry now it's working. Thank you for all your help.
I've just installed a new server with Ubuntu 16.04 and the latest ISPConfig 3.1dev. I installed UFW according to the "perfect server" instructions. My server configuration says that the firewall is ufw, and i have a firewall record that I have already recreated a few times. But UFW isn't running at all, apparently: # ufw status verbose Status: inactive # How can I get ufw to run and load the proper ruleset from ISPconfig?
Make sure the `/usr/local/ispconfig/server/plugins-enabled/firewall_plugin.inc.php` symlink is created, and see https://www.howtoforge.com/communit...-on-multisite-installation.73742/#post-347048