Page 1 of 2

Firewall blocks services after first reboot on a clean installation

Posted: Tue Jul 03, 2018 3:56 pm
by pabbae
I've installed the last vestacp release on a clean minimal Centos 7 installation with this config

Code: Select all

    bash vst-install.sh --nginx yes --apache yes --phpfpm no --named yes --remi yes --vsftpd no --proftpd no --iptables yes --fail2ban yes --quota no --exim yes --dovecot no --spamassassin no --clamav no --softaculous no --mysql yes --postgresql no --hostname host --email email@host --password xxxxx
After restart, firewall blocks all services access with this rule:

Code: Select all

[Chain INPUT (policy ACCEPT 0 packets, 0 bytes)]
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
I've tried several installations with same result.

Is it an issue of the new release?

Re: Firewall blocks services after first reboot on a clean installation

Posted: Wed Jul 04, 2018 5:30 am
by Felix
What is the output of the following command?

Code: Select all

v-list-firewall

Re: Firewall blocks services after first reboot on a clean installation

Posted: Wed Jul 04, 2018 5:54 am
by geek
Felix wrote:
Wed Jul 04, 2018 5:30 am
What is the output of the following command?

Code: Select all

v-list-firewall
I have the same exact issue. Installed vestacp on a fresh centos 7.5
If you reboot the server, all services stop working. (only ping works) unless you login to the console and stop firewalld service
I have taken screenshots for "v-list-firewall" and "iptables -L" commands (no attachment option here)

Image

Image

Image

Image

Re: Firewall blocks services after first reboot on a clean installation

Posted: Thu Jul 05, 2018 7:30 am
by geek
Anyone??

Re: Firewall blocks services after first reboot on a clean installation

Posted: Thu Jul 05, 2018 9:12 am
by pabbae
Felix wrote:
Wed Jul 04, 2018 5:30 am
What is the output of the following command?

Code: Select all

v-list-firewall
Similar output like the one reported by @geek

Re: Firewall blocks services after first reboot on a clean installation

Posted: Thu Jul 05, 2018 9:20 am
by pabbae
geek wrote:
Wed Jul 04, 2018 5:54 am
Felix wrote:
Wed Jul 04, 2018 5:30 am
What is the output of the following command?

Code: Select all

v-list-firewall
I have the same exact issue. Installed vestacp on a fresh centos 7.5
If you reboot the server, all services stop working. (only ping works) unless you login to the console and stop firewalld service
I have taken screenshots for "v-list-firewall" and "iptables -L" commands (no attachment option here)

Image
In fact, services are up, BUT the firewall blocks ALL input connections due the REJECT ALL rule FROM 0.0.0.0/0 in the CHAIN INPUT

Re: Firewall blocks services after first reboot on a clean installation

Posted: Thu Jul 05, 2018 12:30 pm
by geek
I understand the services are infact up, but why does it add drop all rule on reboot?

Re: Firewall blocks services after first reboot on a clean installation

Posted: Thu Jul 05, 2018 12:59 pm
by pabbae
geek wrote:
Thu Jul 05, 2018 12:30 pm
I understand the services are infact up, but why does it add drop all rule on reboot?
No idea... that was the reason I've opened this post :)

Re: Firewall blocks services after first reboot on a clean installation

Posted: Thu Jul 05, 2018 2:11 pm
by imperio
Fix will be soon.
Try to restart iptables

Code: Select all

service iptables restart

Re: Firewall blocks services after first reboot on a clean installation

Posted: Thu Jul 05, 2018 2:23 pm
by pabbae
imperio wrote:
Thu Jul 05, 2018 2:11 pm
Fix will be soon.
Try to restart iptables

Code: Select all

service iptables restart
well.. the point is that if it's an online server that you can only access over ssh... there is no option to restart iptables after that reboot :)

Anyway, I added it as issue on github too yesterday.