How the Firewall module works
Firewall is a standard security system for operating systems on which ISPmanager is installed:
- Debian/CentOS - iptables
- FreeBSD - ipfw
ISPmanager firewall can filter only incoming traffic.
Adding firewall rules
Debian/CentOS: when starting ISPmanager for the first time, the following chains will be created in iptables/ip6tables:
- ispmgr_deny_ip - contains denied IP addresses
- ispmgr_allow_ip - contains allowed IP addresses
- ispmgr_allow_sub - contains allowed subnets
- ispmgr_deny_sub - contains denied subnets
These chains are added to the end of the INPUT table in the order as they are described.Attention: parameters that are added into the chains manually can be edited incorrectly in ISPmanager.Attention: the rules described in ISPmanager firewall will be used for filtering network traffic only after user rules that were described prior to ISPmanager installation.
FreeBSD: when starting ISPmanager for the firts time, the following sets will be added into ipfw:
- 27 - contains denied IP addresses. Starting from 20000.
- 28 - contains allowed IP addresses. Starting from 30000.
- 29 - contains allowed subnets . Starting from 40000.
- 30 - contains denied subnets. Starting from 50000.
For each set there is a pool of numbers containing 1000 records, i.e. the number of rules specified in each set cannot exceed 10000, otherwise an error may occur.Attention: when configuring the firewall settings manually (not through ISPmanager), using the "Firewall" module can cause unpredictable behaviour of the firewall of a target OS.
Was this answer helpful?
ISPmanager by default uses Afterlogic as a web-interface for email management. Official...
DNSmanager is a DNS slave server management system. It can be used both as a stand-alone...
An Administrator is a special user type which can manage the server with the same...
In this module you can manage a wide range of server applications available to you and...
Supported software Currently, ISPmanager supports the following servers: Nginx 1.1.15 and...