firewall does not work in v1.7 rc

I think there is no way to start or reload the firewall in v1.7 RC.
I have installed it on OpenVZ and it does not work.

So I decided to write this small script:

#!/bin/bash
# delete existing iptables rules
iptables -F

# drop all incoming connections
iptables -P INPUT DROP
iptables -P FORWARD DROP

# allow all outgoing connections
iptables -P OUTPUT ACCEPT

# SSH allow
iptables -A INPUT -j ACCEPT -p tcp --dport 58742

# HTTP allow
iptables -A INPUT -j ACCEPT -p tcp --dport 80
iptables -A INPUT -j ACCEPT -p tcp --dport 443

# cyberpanel and services allow (tcp)
iptables -A INPUT -j ACCEPT -p tcp --dport 25
iptables -A INPUT -j ACCEPT -p tcp --dport 8090
iptables -A INPUT -j ACCEPT -p tcp --dport 8891
iptables -A INPUT -j ACCEPT -p tcp --dport 993
iptables -A INPUT -j ACCEPT -p tcp --dport 995
iptables -A INPUT -j ACCEPT -p tcp --dport 7080
iptables -A INPUT -j ACCEPT -p tcp --dport 587
iptables -A INPUT -j ACCEPT -p tcp --dport 5003
iptables -A INPUT -j ACCEPT -p tcp --dport 110
iptables -A INPUT -j ACCEPT -p tcp --dport 143
iptables -A INPUT -j ACCEPT -p tcp --dport 465
iptables -A INPUT -j ACCEPT -p tcp --dport 53
iptables -A INPUT -j ACCEPT -p tcp --dport 21

# cyberpanel and services allow (udp)
iptables -A INPUT -j ACCEPT -p udp --dport 53
iptables -A INPUT -j ACCEPT -p udp --dport 35476

# allow localhost (for example, PHP to the local database)
iptables -A INPUT -j ACCEPT -s 127.0.0.1

# allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

small and fine^^
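
An added example, not part of the original post: the same policy written as `iptables-restore` input, so the chain policies and all rules are loaded in one commit instead of one command at a time. The port lists are copied from the post and from the first comment; `build_ruleset` is a hypothetical helper name, and the loopback rule here matches on `-i lo` rather than on the source address.

```shell
#!/bin/bash
# Added example: emit the thread's port policy in iptables-restore format.
# Ports are copied from the post; the function name is hypothetical.

TCP_PORTS="58742 80 443 25 8090 8891 993 995 7080 587 5003 110 143 465 53 21"
UDP_PORTS="53 35476"
FTP_PASSIVE="40110:40210"   # pure-ftpd passive range from the first comment

build_ruleset() {
    # iptables-restore replaces the filter table in a single commit, so there
    # is no interval with INPUT policy DROP and a half-built chain if one
    # command fails midway (a lockout risk when working over SSH).
    printf '%s\n' "*filter"
    printf '%s\n' ":INPUT DROP [0:0]"
    printf '%s\n' ":FORWARD DROP [0:0]"
    printf '%s\n' ":OUTPUT ACCEPT [0:0]"
    # Return traffic first: most packets match here and skip the port list.
    printf '%s\n' "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Loopback matched by interface instead of by source address.
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    for p in $TCP_PORTS $FTP_PASSIVE; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    for p in $UDP_PORTS; do
        printf '%s\n' "-A INPUT -p udp --dport $p -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}

# Typical use as root (not executed by this file):
#   build_ruleset | iptables-restore --test   # parse only, nothing committed
#   build_ruleset | iptables-restore          # flush the table and load
```

The `--test` pass only parses the ruleset, so a typo in a port list is caught before the running rules are touched.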

Comments

  • add this for passive port range of pureftp^^
    iptables -A INPUT -j ACCEPT -p tcp --dport 40110:40210
  • edited July 17
    I guess for OVZ, guest VM functionality relies greatly on host node configurations ...
  • qtwrk said:

    I guess for OVZ, guest VM functionality relies greatly on host node configurations ...

    It should now work with OpenVZ too. Some providers are still using old CentOS 7 images, and when yum update runs it cripples firewalld; there is a small patch there for OpenVZ now.
  • edited July 18

    qtwrk said:

    I guess for OVZ, guest VM functionality relies greatly on host node configurations ...

    It should now work with OpenVZ too. Some providers are still using old CentOS 7 images, and when yum update runs it cripples firewalld; there is a small patch there for OpenVZ now.
    Not working for me either and I am on a dedicated

    NVM, restarted and worked