1

Topic: IPTable allows everything after first installation

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): iRedMail-1.3.2
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: Ubuntu Server 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,

Before I started installing iRedMail, I had UFW enabled, and only allow my IP to access port 2222.
Then after first installation, I received this


*************************************************************************

< Question > Would you like to use firewall rules provided by iRedMail?
< Question > File: /etc/default/iptables, with SSHD ports: 2222. [Y|n]Y
[ INFO ] Copy firewall sample rules.
< Question > Restart firewall now (with ssh ports: 2222)? [y|N]y
[ INFO ] Restarting firewall ...
[ INFO ] Updating ClamAV database (freshclam), please wait ...
ERROR: /var/log/clamav/freshclam.log is locked by another process
********************************************************************

I rebooted my server, when I checked my UFW status, it's now disabled, so I guess iRedMail disabled my firewall.

But it's ok, I can live with iptables, Then I do this

$ sudo iptables -L


Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Panic ! my firewall accepts all connection.
My question is, what should I do with this iRedMail new generated file /etc/default/iptables ?
Because as we can see, everything is allowed.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: IPTable allows everything after first installation

Ubuntu uses nftables instead of iptables, but there's an issue in the latest iRedMail (1.3.2) and nftables doesn't get set up correctly.

See my response here to same issue https://forum.iredmail.org/post78511.html#p78511

3

Re: IPTable allows everything after first installation

RikuS wrote:

Ubuntu uses nftables instead of iptables, but there's an issue in the latest iRedMail (1.3.2) and nftables doesn't get set up correctly.

See my response here to same issue https://forum.iredmail.org/post78511.html#p78511

Thank you. Looking forward for the new version with this fix.