1 (edited by Vortex 2015-11-09 09:53:12)

Topic: iptables and ufw

======== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: Ubuntu 14.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache2
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue: n/a
====

Hello Zhang.  I'm running iredmail and use Webmin to manage most simple tasks.  I'm setting up a firewall to allow extra ports as recommended in a couple of the iredmail upgrade options. 

I decided to try the Linux Firewall in Webmin.  However since I've changed some options I have not been able to revert back to ufw supplied with iredmail.  Please tell me where the ufw rules file is placed so I can edit it and discontinue using the Linux Firewall.

It seems that after I started to configure iptables with Linux Firewall in Webmin I cannot now access the actual rules configuration files

Thanks in advance, Greg


2

Re: iptables and ufw

On Debian/Ubuntu, iRedMail stores iptables rules in /etc/default/iptables, and starts/stops iptables with /etc/init.d/iptables.

3

Re: iptables and ufw

Hi Zhang, thanks for your reply.

Have done that, but can't seem to get a consistent result.

Is there a way to re-install the iRedMail version of the firewall without upsetting the Linux firewall, as it uses iptables as well?

Thanks, Greg

4

Re: iptables and ufw

Vortex wrote:

Have done that, but can't seem to get a consistent result.

Excuse me, what do you mean "a consistent result"?

5 (edited by Vortex 2015-11-09 18:04:34)

Re: iptables and ufw

ZhangHuangbin wrote:
Vortex wrote:

Have done that, but can't seem to get a consistent result.

Excuse me, what do you mean "a consistent result"?

It seems the Linux firewall overwrites the iptables, but I can't track down the exact cause. I've turned off Linux Firewall but cannot seem to apply any new rules to iptables files. I keep getting an error that points to the line with the COMMIT directive. I tried restoring the original iptables file from the iRedMail install package but still get the COMMIT error.

** Update - here is the error

root@VBoX:/home/ubuntu# iptables-restore < /etc/default/iptables
iptables-restore v1.4.21: no command specified
Error occurred at line: 76
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
root@VBoX:/home/ubuntu# iptables-restore < /etc/default/iptables
iptables-restore: COMMIT expected at line 77

First attempt: error at line 76.
Second attempt: error at line 77 after commenting out COMMIT.

Cheers, Greg


Regards, Greg

6

Re: iptables and ufw

You don't need to run 'iptables-restore', please simply run "/etc/init.d/iptables restart".

7 (edited by Vortex 2015-11-10 06:05:48)

Re: iptables and ufw

Hi Zhang, thanks for your reply. This is the same problem. The error comes with the COMMIT line. Have attached the iptables file.

ubuntu@VBoX:~$ sudo /etc/init.d/iptables restart
* Flushing firewall rules iptables                                      [ OK ]
* Setting chains to policy ACCEPT                                               raw nat mangle filter                                                   [ OK ]
Unloading iptables modules                                               [fail]
* Applying iptables firewall rules                                             iptables-restore: line 66 failed
                                                                         [fail]

This file was in operation until I started the Linux firewall. The Linux firewall is now stopped.

Thanks. Greg

Post's attachments

iptables_10Nov2015.txt 2.64 kb, 2 downloads since 2015-11-09 


8

Re: iptables and ufw

Try this:

*) Download our sample rule file, override /etc/default/iptables:
https://bitbucket.org/zhb/iredmail/raw/ … bles.rules

*) Download our sample init script, override /etc/init.d/iptables:
https://bitbucket.org/zhb/iredmail/raw/ … nit.debian

*) Restart iptables service:

sudo chmod +x /etc/init.d/iptables
sudo /etc/init.d/iptables restart

9 (edited by Vortex 2015-11-10 16:26:34)

Re: iptables and ufw

ZhangHuangbin wrote:

Try this:

*) Download our sample rule file, override /etc/default/iptables:
https://bitbucket.org/zhb/iredmail/raw/ … bles.rules

*) Download our sample init script, override /etc/init.d/iptables:
https://bitbucket.org/zhb/iredmail/raw/ … nit.debian

*) Restart iptables service:

sudo chmod +x /etc/init.d/iptables
sudo /etc/init.d/iptables restart

Hi Zhang, I did what you suggested, but still get this error

ubuntu@VBoX:~$ sudo chmod +x /etc/init.d/iptables
ubuntu@VBoX:~$ sudo /etc/init.d/iptables restart
* Flushing firewall rules iptables                                      [ OK ]
* Setting chains to policy ACCEPT                                               filter                                                                  [ OK ]
* Applying iptables firewall rules                                             iptables-restore v1.4.21: no command specified
Error occurred at line: 81
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

Any further ideas?
Thanks, Greg

UPDATE
Have found a file in Webmin that may be an answer to the problem?? Here is a bit of the file.

Module introduction
This module allows you to configure the IPtables firewall features found in the 2.4 series of Linux kernels. Unlike some other firewall configuration programs, instead of creating a shell script that sets up the firewall, it reads and edits a save file in the format read and written by iptables-restore and iptables-save respectively.

If you already have a firewall on your system that has been setup manually or from a script file, the module will offer to convert it to an IPtables save file for you, and create a script to be run at boot time to activate the rules in the file. However, if you do this then you should no longer edit your firewall rules script and should disable it from running at boot time as well.
........
........
........
At the bottom of the page is a button for making the current firewall configuration active, by loading it into the kernel with the iptables-restore command. Below it is a button for doing the reverse - taking the configuration that is currently in the kernel and making it available for editing. Finally, if your distribution supports it, there is a button to change whether the firewall is activated at boot time or not.

It appears this module has overwritten the ability to revert to manual iptables configuration.  What's your view?

Greg

10

Re: iptables and ufw

No idea, sorry.

11

Re: iptables and ufw

ZhangHuangbin wrote:

No idea, sorry.

Hi Zhang, have managed to get it working using the Linux Firewall in Webmin.  It was a tedious problem, because of the many places iptables config files are located in Ubuntu 14.04, but in fact now the rules are much easier to manage with the visual tool.

Thanks for your help.

[Closed]
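
A check for the two errors quoted in this thread ("no command specified" on the COMMIT line, then "COMMIT expected"), added here as an example and not part of the original posts or of iRedMail. It assumes the save-file grammar read by iptables-restore (`*table`, `:chain`, `-A` rules, `#` comments) and that the COMMIT line must be exactly `COMMIT` followed by a newline; the names `lint_iptables_save` and `sample_rules` are hypothetical.

```shell
#!/bin/sh
# Added example: lint an iptables-save style file before loading it.
lint_iptables_save() {
    f=$1
    rc=0
    # A final line with no newline cannot equal "COMMIT\n" (assumed strict match).
    if [ -s "$f" ] && [ -n "$(tail -c 1 "$f")" ]; then
        echo "EOF: file does not end with a newline"
        rc=1
    fi
    awk '
    function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    /^$/ || /^#/ { next }    # empty lines and comments are skipped
    {
        line = $0
        if (sub(/\r$/, "", line)) report("carriage return (DOS line ending)")
        stripped = line
        sub(/[ \t]+$/, "", stripped)
        if (stripped == "") {
            report("whitespace-only line is read as a rule with no command")
        } else if (stripped == "COMMIT") {
            if (line != "COMMIT") report("COMMIT has trailing whitespace")
            if (!in_table) report("COMMIT outside a table")
            in_table = 0
        } else if (stripped ~ /^\*/) {
            if (in_table) report("new table before COMMIT of *" table)
            table = substr(stripped, 2)
            in_table = 1
        } else if (stripped ~ /^:/ || stripped ~ /^(\[[0-9]+:[0-9]+\] )?-/) {
            if (!in_table) report("chain or rule outside a table")
        } else {
            report("not a table, chain, rule, comment or COMMIT")
        }
    }
    END {
        if (in_table) printf "EOF: COMMIT expected, *%s was never committed\n", table
        exit (bad || in_table)
    }' "$f" || rc=1
    return $rc
}

# Constructed sample: a valid rule set except for the space after COMMIT.
sample_rules() {
    printf '*filter\n:INPUT DROP [0:0]\n-A INPUT -p tcp --dport 25 -j ACCEPT\nCOMMIT \n'
}

tmp=$(mktemp) && sample_rules > "$tmp"
lint_iptables_save "$tmp" || echo "fix the lines above before reloading the firewall"
rm -f "$tmp"
```

Once the file lints clean, `iptables-restore --test < /etc/default/iptables` parses it without committing anything to the kernel, so a bad file cannot leave the mail server with flushed rules.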