outroll / vesta

VESTA Control Panel
http://vestacp.com
GNU General Public License v3.0

Firewall with geoip #1783

Open ttouf opened 6 years ago

ttouf commented 6 years ago

Operating System (OS/VERSION):

Ubuntu 16.04

VestaCP Version:

0.9.8 23

Installed Software (what you got with the installer):

full package

Introduction:

I've installed GeoIP to allow only some countries to access the VPS. Everything is going well: when I type the command over SSH: iptables -I INPUT -m geoip --src-cc CA -j ACCEPT it works fine.

The problem:

Skamasle commented 5 years ago

You can try adding this rule in the VestaCP configuration file directly, but maybe this breaks the interface section for the firewall.

In my opinion the easy way to solve this is to disable the Vesta firewall.

Why?

You use custom rules that VestaCP does not support, so you can manage the VestaCP firewall your own way.

You can try editing the VestaCP firewall manually, or disable it and manage all rules by hand.

ttouf commented 5 years ago

You can try adding this rule in the VestaCP configuration file directly, but maybe this breaks the interface section for the firewall.

In my opinion the easy way to solve this is to disable the Vesta firewall.

Why?

You use custom rules that VestaCP does not support, so you can manage the VestaCP firewall your own way.

You can try editing the VestaCP firewall manually, or disable it and manage all rules by hand.

@Skamasle Thank you for your interest. Do you mean I must uninstall iptables from VestaCP and install it manually outside of VestaCP? I will try this and come back with the result. Thank you.

Skamasle commented 5 years ago

You do not need to uninstall it; just disable the firewall with the Vesta tools and manage it by hand, or edit the Vesta configuration files.

I do not have any Vesta now to say exactly what file, but in usr/local/vesta/ there is a config file with firewall rules.

bwakefield commented 5 years ago

There is an option in the Vesta interface to disable the Vesta firewall integration.

  • In the Server tab
  • Click Configure for your server name
  • Expand Vesta Control Panel Plugins

You will see some options that can be turned on and off. One of them is Firewall.

After you turn it off I assume you can just manage the firewall rules manually, outside of Vesta.

(until support for what you are doing is added!)
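One way to manage the GeoIP rule by hand once Vesta's firewall integration is off, as an added example that is not part of the thread or of VestaCP: a script that lists which wanted country rules are missing from the INPUT chain and re-adds only those. WANTED_CC, the function names and the --apply/--demo switches are assumptions, as is the long option spelling a rule listing may show.

```shell
#!/bin/sh
# Added example (not VestaCP code): re-apply GeoIP ACCEPT rules lost on reload.
# WANTED_CC and all function names are assumptions chosen for illustration.
WANTED_CC="${WANTED_CC:-CA}"

# Print country codes that already have an INPUT geoip ACCEPT rule.
# Reads `iptables -S INPUT` style text on stdin. Accepts the short option as
# typed in the thread (--src-cc) and the long form a listing may show
# (--source-country, assumed), and skips negated matches ("! --src-cc").
geoip_accepted() {
    awk '
        $1 == "-A" && $2 == "INPUT" && /-m geoip/ && /-j ACCEPT/ {
            for (i = 3; i < NF; i++)
                if (($i == "--src-cc" || $i == "--source-country") && $(i-1) != "!") {
                    n = split($(i+1), cc, ",")
                    for (k = 1; k <= n; k++) print cc[k]
                }
        }' | sort -u
}

# Print one iptables command per wanted country missing from the dump on stdin.
# usage: missing_rules "CA FR" < dump
missing_rules() {
    have="$(geoip_accepted)"
    for cc in $1; do
        printf '%s\n' "$have" | grep -qx "$cc" ||
            echo "iptables -I INPUT -m geoip --src-cc $cc -j ACCEPT"
    done
}

# Run as root (boot hook or cron) to restore whatever is missing, and log it.
restore_geoip() {
    iptables -S INPUT | missing_rules "$WANTED_CC" | while read -r cmd; do
        $cmd && logger -t geoip-restore "re-added: $cmd"
    done
}

case "${1:-}" in
    --apply) restore_geoip ;;
    --demo)  # constructed sample of `iptables -S INPUT` after a firewall reload
        printf '%s\n' '-P INPUT DROP' \
            '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' |
            missing_rules "$WANTED_CC" ;;
esac
```

Running it with --demo prints the command that would be re-added without touching the live firewall; --apply changes the running rules and needs root.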

ghost commented 5 years ago

Operating System (OS/VERSION):

Ubuntu 16.04

VestaCP Version:

0.9.8 23

Installed Software (what you got with the installer):

full package

Introduction:

I've installed GeoIP to allow only some countries to access the VPS. Everything is going well: when I type the command over SSH: iptables -I INPUT -m geoip --src-cc CA -j ACCEPT it works fine.

The problem:

  • Vestacp does not keep this rule after restarting the firewall or the VPS even though I used iptables-persistent
  • I can't add the rule using Vestacp UI because no ip used here

Please let me know how to save this type of rules? Thanks for your attention

Hey, when you run the command "iptables -I INPUT -m geoip --src-cc CA -j ACCEPT" in your terminal, follow it up with the command "service iptables save". From that point on, the rule will be permanent, not temporary...

JOduMonT commented 5 years ago

You could try FireHOL and their blocklist: https://github.com/firehol/blocklist-ipsets

On Debian and Ubuntu it is possible to simply install it via apt install firehol