+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: System Setup & Installation (/forum-32.html)
+--- Thread: Firewall rules (/thread-9460.html)
Firewall rules - NIIcK - 01-31-2010 06:53 PM
Hello again
,Just a quick one.
How do I add firewall rules that will last after a system reboot or shut down?
As far as I can tell by looking at the /etc/init.d/ispcp_network all rules in /etc/default/iptables-rules get overwritten by the ones in the ispcp_network when restarting the server.
Disabling the script will not be (I guess) a good idea since ispCP will not pick up the traffic anymore. Am I right?
Thank you,
Nick
RE: Firewall rules - NIIcK - 02-02-2010 10:24 PM
(01-31-2010 06:53 PM)NIIcK Wrote: Hello again
Just a quick one.
How do I add firewall rules that will last after a system reboot or shut down?
As far as I can tell by looking at the /etc/init.d/ispcp_network all rules in /etc/default/iptables-rules get overwritten by the ones in the ispcp_network when restarting the server.
Disabling the script will not be (I guess) a good idea since ispCP will not pick up the traffic anymore. Am I right?
Thank you,
Nick
No answer on this one?
***bump***
***bump***
RE: Firewall rules - scysys - 02-03-2010 12:39 AM
Firewall ?
The iptables rules are only for the "counter" of the traffics ... no firewall (accept / drop) by default.
RE: Firewall rules - kilburn - 02-03-2010 04:49 AM
Quote:As far as I can tell by looking at the /etc/init.d/ispcp_network all rules in /etc/default/iptables-rules get overwritten by the ones in the ispcp_network when restarting the server.
Look harder
Ispcp only adds two new chains that just count traffic, without touching any other rules/chaines already there. Even if you "/etc/init.d/ispcp_network restart", it only removes the old rules and regenerates them without touching anything else.Therefore, you can use your own firewall/rules... just make sure to call "/etc/init.d/ispcp_network restart" after modifying any rules in your firewall and you'll be fine.
PS: I don't know about others, but I tend to ignore posts which are **bumped**