How the Firewall module works
The Firewall module uses the standard firewall of the operating system on which ISPmanager is installed:
- Debian/CentOS - iptables
- FreeBSD - ipfw
The ISPmanager firewall can filter only incoming traffic.
Adding firewall rules
Debian/CentOS: when starting ISPmanager for the first time, the following chains will be created in iptables/ip6tables:
- ispmgr_deny_ip - contains denied IP addresses
- ispmgr_allow_ip - contains allowed IP addresses
- ispmgr_allow_sub - contains allowed subnets
- ispmgr_deny_sub - contains denied subnets
These chains are added to the end of the INPUT chain in the order in which they are listed above.
Attention: parameters that are added to these chains manually may be edited incorrectly in ISPmanager.
Attention: the rules defined in the ISPmanager firewall are used for filtering network traffic only after any user rules that were defined before ISPmanager was installed.
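The chain order and the precedence of earlier user rules can be checked on a Debian/CentOS host. The following shell script is an added example, not part of ISPmanager or of the original article; it assumes the chains are attached as plain `-A INPUT -j ispmgr_*` jump rules and runs against a constructed sample of `iptables -S INPUT` output.

```shell
#!/bin/sh
# Expected jump order, as listed in this article.
EXPECTED="ispmgr_deny_ip ispmgr_allow_ip ispmgr_allow_sub ispmgr_deny_sub"

# Constructed sample of `iptables -S INPUT` output (not from a real host).
# Assumption: ISPmanager attaches its chains with plain "-j <chain>" rules.
SAMPLE='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j ispmgr_deny_ip
-A INPUT -j ispmgr_allow_ip
-A INPUT -j ispmgr_allow_sub
-A INPUT -j ispmgr_deny_sub'

# Print the ispmgr_* chains in the order INPUT jumps to them.
ispmgr_order() {
    awk '$1 == "-A" && $2 == "INPUT" {
        for (i = 3; i < NF; i++)
            if ($i == "-j" && $(i + 1) ~ /^ispmgr_/) {
                printf "%s%s", sep, $(i + 1); sep = " "
            }
    }'
}

# Print the INPUT rules evaluated before the first ispmgr_* jump.
# A terminating rule here (ACCEPT/DROP) wins over the ISPmanager lists.
rules_before_ispmgr() {
    awk '$1 == "-A" && $2 == "INPUT" {
        if ($0 ~ /-j ispmgr_/) exit
        print
    }'
}

# Return 0 when the jumps appear in the documented order.
check_order() {
    [ "$(ispmgr_order)" = "$EXPECTED" ]
}

# On a live host, feed `iptables -S INPUT` instead of the sample.
if printf '%s\n' "$SAMPLE" | check_order; then
    echo "ispmgr chain order: ok"
else
    echo "ispmgr chain order: MISMATCH"
fi
echo "rules evaluated before the ISPmanager chains:"
printf '%s\n' "$SAMPLE" | rules_before_ispmgr
```

In the sample, the pre-existing port 22 ACCEPT rule is matched first, so an address listed in ispmgr_deny_ip would still reach that port.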
FreeBSD: when starting ISPmanager for the first time, the following sets will be added into ipfw:
- 27 - contains denied IP addresses. Starting from 20000.
- 28 - contains allowed IP addresses. Starting from 30000.
- 29 - contains allowed subnets. Starting from 40000.
- 30 - contains denied subnets. Starting from 50000.
For each set there is a pool of numbers containing 1000 records, i.e. the number of rules specified in each set cannot exceed 10000, otherwise an error may occur.
Attention: when configuring the firewall settings manually (not through ISPmanager), using the "Firewall" module can cause unpredictable behaviour of the firewall of a target OS.