Configuring a Firewall Through ISPmanager
To filter the packets passing through the server, use the ISPmanager control panel to create traffic-filtering rules for the firewall configuration.
In ISPmanager, go to "System" -> "Firewall” and click the "Create" button on the toolbar.
Specify the action, protocol and the packet source IP-address for the filtering rule.
Select "Allow” if you wish to fully enable the packets from the specified IP-address or subnet. Please be aware that if no limitations are places, all other packets will be enabled by the server.
Using the action “Allow for” enables the transmission of packets from the specified IP-addresses, and disables packet traffic from all other sources. If "Deny Access for All" is not checked, choose the trusted IP-addresses. These addresses will be allowed to transfer data to the server.
Select “Deny” to disable all incoming packets from the specified IP-address or source.
Select "Deny for” to disable access for a specific IP-address from the specified source.
Partially enabled and disabled rules affect rules with the actions “Allow” and “Deny,” respectively.
After filling out the fields, click “OK.” The new rule will appear in the firewall list.
On the operating system level, all rules created in the ISPmanager control panel will be placed within the iptables (ip6tables) file, found in the following sections:
|ispmgr_deny_ip||disable transmission from ip-addresses|
|ispmgr_allow_ip||enable transmission from ip-addresses|
|ispmgr_allow_sub||enable transmission from subnet|
|ispmgr_deny_sub||disable transmission from subnet|
For the Debian, the firewall rules are contained in the /etc/ispiptable.conf /etc/ispip6table.conf file.
For the CentOS, the firewall rules are contained in the /etc/sysconfig/iptables file.
iptables can be accessed from the File Manager in ISPmanager.
Double click to open the file for editing.
The rules can be directly edited, deleted and added in this file. If manual updates are performed, it is important to closely monitor for any conflicts that may arise from rules created within ISPmanager. Additionally, the ISPmanager rule creation process checks whether the IP-address that is connecting to the control panel is among the denied subnets. If you are performing any manual configuration of iptables, make sure to check for these conflicts. It is also very important to ensure that the rules created manually are correctly recognized by ISPmanager.