How the Firewall module works

Introduction

Firewall is a standard security system for operating systems on which ISPmanager is installed:

  • Debian/CentOS - iptables
  • FreeBSD - ipfw

ISPmanager firewall can filter only incoming traffic.

Adding firewall rules

Debian/CentOS: when starting ISPmanager for the first time, the following chains will be created in iptables/ip6tables:

  1. ispmgr_deny_ip - contains denied IP addresses
  2. ispmgr_allow_ip - contains allowed IP addresses
  3. ispmgr_allow_sub - contains allowed subnets
  4. ispmgr_deny_sub - contains denied subnets

These chains are added to the end of the INPUT table in the order as they are described.

 Attention: parameters that are added into the chains manually can be edited incorrectly in ISPmanager.
 Attention: the rules described in ISPmanager firewall will be used for filtering network traffic only after user rules that were described prior to ISPmanager installation. 

FreeBSD: when starting ISPmanager for the firts time, the following sets will be added into ipfw:

  1. 27 - contains denied IP addresses. Starting from 20000.
  2. 28 - contains allowed IP addresses. Starting from 30000.
  3. 29 - contains allowed subnets . Starting from 40000.
  4. 30 - contains denied subnets. Starting from 50000.

For each set there is a pool of numbers containing 1000 records, i.e. the number of rules specified in each set cannot exceed 10000, otherwise an error may occur.

  Attention: when configuring the firewall settings manually (not through ISPmanager), using the "Firewall" module can cause unpredictable behaviour of the firewall of a target OS.

Was this answer helpful?

 Print this Article

Also Read

ISPmanager Panel System Requirements

The ISPmanager control panel requirements are minimal. The panel is more universal with broad...

Postfix configuration file

Example of the postfix/main.cf configuration file Following is the example of Postfix...

Applications (ISPmanager)

In this module you can manage a wide range of server applications available to you and...

Sheduler (cron) (ISPmanager)

ISPmanager allows automatic execution of scheduled jobs using Cron. Cron is a daemon that...

Backup plans

This module can be used you to manage the backup plans to save your server data from an accident...