How the Firewall module works

Introduction

Firewall is a standard security system for operating systems on which ISPmanager is installed:

  • Debian/CentOS - iptables
  • FreeBSD - ipfw

ISPmanager firewall can filter only incoming traffic.

Adding firewall rules

Debian/CentOS: when starting ISPmanager for the first time, the following chains will be created in iptables/ip6tables:

  1. ispmgr_deny_ip - contains denied IP addresses
  2. ispmgr_allow_ip - contains allowed IP addresses
  3. ispmgr_allow_sub - contains allowed subnets
  4. ispmgr_deny_sub - contains denied subnets

These chains are added to the end of the INPUT table in the order as they are described.

 Attention: parameters that are added into the chains manually can be edited incorrectly in ISPmanager.
 Attention: the rules described in ISPmanager firewall will be used for filtering network traffic only after user rules that were described prior to ISPmanager installation. 

FreeBSD: when starting ISPmanager for the firts time, the following sets will be added into ipfw:

  1. 27 - contains denied IP addresses. Starting from 20000.
  2. 28 - contains allowed IP addresses. Starting from 30000.
  3. 29 - contains allowed subnets . Starting from 40000.
  4. 30 - contains denied subnets. Starting from 50000.

For each set there is a pool of numbers containing 1000 records, i.e. the number of rules specified in each set cannot exceed 10000, otherwise an error may occur.

  Attention: when configuring the firewall settings manually (not through ISPmanager), using the "Firewall" module can cause unpredictable behaviour of the firewall of a target OS.

Was this answer helpful?

 Print this Article

Also Read

Software licensing policy

ISPsystem software products v.5 have a new licensing policy. There are two ways for activating...

Backup archives

In this module you can use a list of archives that were stored during the backup process. You can...

Updating server software

ISPmanager 5 enables to update software products installed on Debian, CentOS, FreeBSD. Complete...

External name servers

This module can be used to manage your external name servers. You may use a remote server with...

User management (DNSmanager)

There are 3 access levels in the DNSmanager control panel: Administrator - can use all...