 virtualizor restart clear iptables rules even if you are not using the built-in firewall (8 Replies, Read 24632 times)
uname-r
Group: Member
Post Group: Newbie
Posts: 38
Status:

A Virtualizor restart should not clear the iptables rules if we are not using the built-in firewall... it does right now!

If Virtualizor is updated, then the iptables rules are flushed, and we need to restart them manually.

Automatic updates are secure on the side of the update, but insecure on the side of the firewall.

Is it possible for the Virtualizor developers to improve a little on that side? I opened this as a bug, because I saw a few times that our iptables rules were cleared by just leaving the automatic update on.

uname-r
Group: Member
Post Group: Newbie
Posts: 38
Status:
STEPS TO REPRODUCE:

- just stop using the built-in firewall : disable ip.

- set up your own rules with lots of care

- restart Virtualizor, or complete an upgrade

- do an iptables -L : magic... your rules disappeared, so you need to log in to the server to restart iptables after each Virtualizor update.

I bet there are lots of people having absolutely no rules active on their server for this reason :)

andresadanmx
Group: Member
Post Group: Newbie
Posts: 3
Status:

No response after a long time and the bug still persists.
That happened to me but I did not understand why.
Sometimes I noticed that the server firewall rules had "disappeared" magically; I had to make a script that regenerated the rules every time it happened.  ;-D

-----------------------
Reliable web hosting - VPS hosting México

manekari
Group: Virtualizor Team
Post Group: Working Member
Posts: 212
Status:
Hello,


Sir, Virtualizor restarts its service while updating to a new version. This makes iptables stop. This happens when you update Virtualizor to a new version, restart the Virtualizor service manually, or reboot the main server.

We are investigating this issue and will come up with a solution.

Please let us know if you need any further information.

Regards,
Virtualizor Team.

uname-r
Group: Member
Post Group: Newbie
Posts: 38
Status:
Hi,

We are using CSF Firewall on Virtualizor now, and it has worked nicely for months now.

I would suggest adding an integration of CSF to Virtualizor: it would be just much better.  The firewall that comes with Virtualizor is a little too minimal imho.

The Virtualizor firewall has never stopped shutting off at every update, and also at every reboot.

MarmottesB&D
Group: Member
Post Group: Newbie
Posts: 6
Status:
Quote From : uname-r August 13, 2014, 6:56 pm
Hi,

We are using CSF Firewall on Virtualizor now, and it has worked nicely for months now.


Hi,

Could you post your csf.conf?

Thanks

quickbooks2018
Group: Member
Post Group: Working Newbie
Posts: 69
Status:
Dear Support Team,

I installed csf and it is running successfully; I allowed port 4085,

but it is not working.

When I stop csf and lfd, ALL IS WELL.

Regards

wolke
Group: NOC
Post Group: Working Member
Posts: 142
Status:
Special care should be taken with csf on KVM nodes!
If you do a csf -r (or csf -x && csf -e), all guest VMs immediately lose connectivity if they are using NAT IPs. You need to restart libvirtd manually after issuing the above csf commands.
libvirtd adds its own NAT rules to iptables, which can't currently be managed by csf.
So if you are using NAT IPs you should create a script to restart csf, for example
/usr/local/sbin/csfrestart
Code
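#!/bin/bash
# Disable and re-enable csf, which reloads its iptables rules
csf -x
csf -e
# Restart libvirtd so that it adds its own NAT rules again
service libvirtd restart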

You need to make it executable (chmod +x).
I too would really appreciate it if csf were fully assimilated into Virtualizor as the only point of iptables management.



Edited by wolke : September 20, 2018, 10:04 am
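
Added example, not part of any post in this thread: a small check for the two failure modes discussed here, an emptied filter table after a Virtualizor restart and missing NAT rules for guests after a csf reload. It parses `iptables-save` output; the baseline path /etc/iptables.rules, the --run switch and the fwwatch log tag are assumptions, and the sample dumps are constructed.

```shell
#!/bin/bash
# Added example: reads `iptables-save` text; paths and --run are assumptions.

# Count "-A" rules inside one table of an iptables-save dump on stdin.
count_rules() {
    awk -v want="*$1" '
        /^\*/              { in_table = ($0 == want) }
        in_table && /^-A / { n++ }
        END                { print n + 0 }'
}

# True when the filter table holds no rules: the flushed state in this thread.
filter_is_flushed() {
    [ "$(printf '%s\n' "$1" | count_rules filter)" -eq 0 ]
}

# True when the nat table has a MASQUERADE rule, taken here as the sign that
# NAT rules for guests are loaded (assumption about the host's NAT setup).
nat_rules_present() {
    printf '%s\n' "$1" | awk '
        /^\*/ { in_nat = ($0 == "*nat") }
        in_nat && /^-A / && /-j MASQUERADE/ { found = 1 }
        END   { exit !found }'
}

# Constructed sample dumps, not taken from a real host.
SAMPLE_FLUSHED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
SAMPLE_HEALTHY='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# Touches the live firewall only when run as root with --run (e.g. from cron).
if [ "${1:-}" = "--run" ]; then
    live="$(iptables-save)"
    if filter_is_flushed "$live"; then
        logger -t fwwatch "filter table empty, restoring saved rules"
        iptables-restore < /etc/iptables.rules   # assumed baseline path
    fi
    nat_rules_present "$live" || logger -t fwwatch "no MASQUERADE rule in nat"
fi
```

The baseline file would be written with iptables-save while the intended rules are loaded.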

wolke
Group: NOC
Post Group: Working Member
Posts: 142
Status:
Quote From : quickbooks2018 November 18, 2017, 9:03 am

I installed csf running successfully, I allowed the port 4085.

At each slave use /etc/csf/csf.ignore and enter the IP of the master. At the master add all slave IPs into csf.ignore.
That's the easy way, not the most secure one, but just opening ports (for everybody!) isn't either.
Another solution is to use csf.ignore to restrict IP AND ports (see csf docs), but many people claim that it isn't working.

