ispCP - Board - Support
Firewall rules - Printable Version



Firewall rules - NIIcK - 01-31-2010 06:53 PM

Hello again :),

Just a quick one.

How do I add firewall rules that will last after a system reboot or shut down?

As far as I can tell by looking at the /etc/init.d/ispcp_network all rules in /etc/default/iptables-rules get overwritten by the ones in the ispcp_network when restarting the server.

Disabling the script will not be (I guess) a good idea since ispCP will not pick up the traffic anymore. Am I right?

Thank you,

Nick


RE: Firewall rules - NIIcK - 02-02-2010 10:24 PM

No answer on this one? :(
***bump***
***bump***


RE: Firewall rules - scysys - 02-03-2010 12:39 AM

Firewall?

The iptables rules are only for the "counter" of the traffic ... no firewall (accept / drop) by default.


RE: Firewall rules - kilburn - 02-03-2010 04:49 AM

Quote: As far as I can tell by looking at the /etc/init.d/ispcp_network all rules in /etc/default/iptables-rules get overwritten by the ones in the ispcp_network when restarting the server.

Look harder :P ispCP only adds two new chains that just count traffic, without touching any other rules/chains already there. Even if you "/etc/init.d/ispcp_network restart", it only removes the old rules and regenerates them without touching anything else.

Therefore, you can use your own firewall/rules... just make sure to call "/etc/init.d/ispcp_network restart" after modifying any rules in your firewall and you'll be fine.

PS: I don't know about others, but I tend to ignore posts which are **bumped**
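
An added example, not part of the thread and not ispCP code: one way to keep your own rules across reboots and then restart ispcp_network as advised above. The file path in RULES, the sample default-drop policy and the port arguments are assumptions. A full iptables-restore replaces the contents of the tables named in the file, which is why the restart comes last.

```shell
#!/bin/sh
# Added example, not ispCP code. RULES and the sample policy are assumptions.
RULES="${RULES:-/etc/iptables.rules}"

# Print a filter-table ruleset in iptables-restore format.
# Arguments: inbound TCP ports to allow. Prints nothing if any port is invalid.
build_ruleset() {
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "invalid port: $port" >&2; return 1
        fi
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        echo "-A INPUT -p tcp -m tcp --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# Validate, load and save the ruleset, then rebuild ispCP's counters.
apply_ruleset() {
    tmp="$(mktemp)" || return 1
    build_ruleset "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    # --test parses the file without committing it to the kernel.
    iptables-restore --test < "$tmp" || { rm -f "$tmp"; return 1; }
    iptables-restore < "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$RULES"
    # As advised in the thread: restart after modifying firewall rules.
    /etc/init.d/ispcp_network restart
}

case "${1:-}" in
    apply)   shift; apply_ruleset "$@" ;;
    restore) iptables-restore < "$RULES" ;;  # for a boot-time hook
esac
```

Saved under a hypothetical name such as fw.sh, it is run as root with `sh fw.sh apply 22 80 443`. Calling the `restore` mode from a hook that runs before /etc/init.d/ispcp_network at boot (for example under /etc/network/if-pre-up.d/ on Debian, an assumption about the host) reloads the saved file.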