Firewall
Introduction
The firewall module uses the standard packet filter of the operating system on which ISPmanager is installed:
- Debian/CentOS — iptables
The ISPmanager firewall can filter only incoming traffic.
Adding firewall rules
Debian/CentOS: when ISPmanager is started for the first time, the following chains are created in iptables/ip6tables:
- ispmgr_deny_ip — contains denied IP addresses
- ispmgr_allow_ip — contains allowed IP addresses
- ispmgr_allow_sub — contains allowed subnets
- ispmgr_deny_sub — contains denied subnets
These chains are added to the end of the INPUT chain in the order in which they are listed above.
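Because the chains are appended to the end of INPUT, any rule already in INPUT is evaluated before them. The script below is an added example, not part of ISPmanager: it audits `iptables -S INPUT` output for the documented order, assuming each chain is reached by a plain `-A INPUT ... -j <chain>` jump; the function names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit where the ispmgr_* chains sit in INPUT.
# Assumption: each chain is reached by a rule "-A INPUT ... -j <chain>".
EXPECTED="ispmgr_deny_ip ispmgr_allow_ip ispmgr_allow_sub ispmgr_deny_sub"

# Reads `iptables -S INPUT` output on stdin, prints findings, and returns 0
# only if the four jumps are present, in the documented order, and last.
check_ispmgr_chains() {
    awk -v expected="$EXPECTED" '
        BEGIN { n = split(expected, want, " "); bad = 0 }
        $1 == "-A" && $2 == "INPUT" {
            rules++; target = ""
            for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
            if (target ~ /^ispmgr_/) seen[++found] = target
            else if (found) { printf "rule %d (-j %s) comes after an ispmgr chain\n", rules, target; bad = 1 }
            else if (target == "ACCEPT") early++
        }
        END {
            for (i = 1; i <= n; i++)
                if (seen[i] != want[i]) {
                    printf "jump %d: expected %s, found %s\n", i, want[i], (seen[i] == "" ? "nothing" : seen[i])
                    bad = 1
                }
            if (found > n) { print "more ispmgr jumps than expected"; bad = 1 }
            if (early) printf "note: %d ACCEPT rule(s) are evaluated before ispmgr_deny_ip\n", early
            if (!bad) print "OK: ispmgr chains are last in INPUT, in documented order"
            exit bad
        }'
}

# Constructed sample input (not captured from a real server).
sample_good() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j ispmgr_deny_ip
-A INPUT -j ispmgr_allow_ip
-A INPUT -j ispmgr_allow_sub
-A INPUT -j ispmgr_deny_sub
EOF
}

# Same rules with an extra rule appended after the ispmgr chains.
sample_bad() {
    sample_good
    echo "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT"
}

sample_good | check_ispmgr_chains
sample_bad | check_ispmgr_chains || echo "audit failed"
```

On a server, feed it live data with `iptables -S INPUT | check_ispmgr_chains`, and repeat with `ip6tables` for the IPv6 rules.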
Additional parameters
Parameters are added to the file mgr5/etc/ispmgr.conf.
- Option FirewallCheckAccess — allows deny rules to be added to the firewall regardless of the module limits.
Path to the rule file
Debian
- /etc/ispiptable.conf and /etc/ispip6table.conf
- Run the script /etc/network/if-up.d/ispmgrfw
CentOS
- Standard /etc/sysconfig/iptables
Block by country
In ISPmanager Lite and ISPmanager Business, starting from version 5.77.0, countries cannot be blocked on OpenVZ.
In ISPmanager Business, this function is available only if one or more cluster nodes do not use OpenVZ.