How the Firewall module works


Firewall is a standard security system for operating systems on which ISPmanager is installed:

  • Debian/CentOS - iptables
  • FreeBSD - ipfw

ISPmanager firewall can filter only incoming traffic.

Adding firewall rules

Debian/CentOS: when starting ISPmanager for the first time, the following chains will be created in iptables/ip6tables:

  1. ispmgr_deny_ip - contains denied IP addresses
  2. ispmgr_allow_ip - contains allowed IP addresses
  3. ispmgr_allow_sub - contains allowed subnets
  4. ispmgr_deny_sub - contains denied subnets

These chains are added to the end of the INPUT table in the order as they are described.

 Attention: parameters that are added into the chains manually can be edited incorrectly in ISPmanager.
 Attention: the rules described in ISPmanager firewall will be used for filtering network traffic only after user rules that were described prior to ISPmanager installation. 

FreeBSD: when starting ISPmanager for the firts time, the following sets will be added into ipfw:

  1. 27 - contains denied IP addresses. Starting from 20000.
  2. 28 - contains allowed IP addresses. Starting from 30000.
  3. 29 - contains allowed subnets . Starting from 40000.
  4. 30 - contains denied subnets. Starting from 50000.

For each set there is a pool of numbers containing 1000 records, i.e. the number of rules specified in each set cannot exceed 10000, otherwise an error may occur.

  Attention: when configuring the firewall settings manually (not through ISPmanager), using the "Firewall" module can cause unpredictable behaviour of the firewall of a target OS.

Was this answer helpful?

 Print this Article

Also Read

User management (DNSmanager)

There are 3 access levels in the DNSmanager control panel: Administrator - can use all...

List of users

This module can be used to manage your user accounts. You may add new users, edit their...

Software products

This module can be used for manging software products. You can select a version of the control...

How the "PHP settings" module works when modifying parameters

Introduction The user directory~/php-bin/ by default contains the following files:...

Administrators (ISPmanager)

An Administrator is a special user type which can manage the server with the same...