Firewall Locks Me Out of Site
Hello,
I have my firewall rules entered in; most of them are default, but the second I turn on the firewall service, I can't access my websites. I can still access the back-panel though.
Here is my 'iptables -L'
/usr/local/vesta/data/firewall/ports.conf
/usr/local/vesta/data/firewall/rules.conf
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-VESTA tcp -- anywhere anywhere tcp dpt:8083
fail2ban-MAIL tcp -- anywhere anywhere multiport dports smtp,urd,submission,2525,pop3,pop3s,imap2,imaps
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:7777
ACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-client
ACCEPT tcp -- anywhere anywhere tcp dpt:9090
ACCEPT tcp -- anywhere anywhere multiport dports 8000:8001
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere multiport dports http,https
ACCEPT tcp -- anywhere anywhere multiport dports ftp,12000:12100
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission,2525
ACCEPT tcp -- anywhere anywhere multiport dports pop3,pop3s
ACCEPT tcp -- anywhere anywhere multiport dports imap2,imaps
ACCEPT tcp -- anywhere anywhere multiport dports mysql,postgresql
ACCEPT tcp -- anywhere anywhere tcp dpt:8083
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- 10.10.10.7 anywhere
ACCEPT all -- localhost anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp spt:ftp
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp spt:https
ACCEPT tcp -- anywhere anywhere tcp spt:pop3
ACCEPT udp -- anywhere anywhere udp spt:ntp
ACCEPT tcp -- anywhere anywhere tcp spt:imap2
ACCEPT tcp -- anywhere anywhere tcp spt:mysql
ACCEPT tcp -- anywhere anywhere tcp spt:postgresql
ACCEPT tcp -- anywhere anywhere tcp spt:http-alt
ACCEPT tcp -- anywhere anywhere tcp spt:8433
ACCEPT tcp -- anywhere anywhere tcp spt:8083
ACCEPT tcp -- anywhere anywhere tcp spts:12000:12100
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-MAIL (1 references)
target prot opt source destination
Chain fail2ban-SSH (1 references)
target prot opt source destination
Chain fail2ban-VESTA (1 references)
target prot opt source destination
Chain fail2ban-ssh (0 references)
target prot opt source destination
Chain ufw-after-forward (0 references)
target prot opt source destination
Chain ufw-after-input (0 references)
target prot opt source destination
Chain ufw-after-logging-forward (0 references)
target prot opt source destination
Chain ufw-after-logging-input (0 references)
target prot opt source destination
Chain ufw-after-logging-output (0 references)
target prot opt source destination
Chain ufw-after-output (0 references)
target prot opt source destination
Chain ufw-before-forward (0 references)
target prot opt source destination
Chain ufw-before-input (0 references)
target prot opt source destination
Chain ufw-before-logging-forward (0 references)
target prot opt source destination
Chain ufw-before-logging-input (0 references)
target prot opt source destination
Chain ufw-before-logging-output (0 references)
target prot opt source destination
Chain ufw-before-output (0 references)
target prot opt source destination
Chain ufw-reject-forward (0 references)
target prot opt source destination
Chain ufw-reject-input (0 references)
target prot opt source destination
Chain ufw-reject-output (0 references)
target prot opt source destination
Chain ufw-track-forward (0 references)
target prot opt source destination
Chain ufw-track-input (0 references)
target prot opt source destination
Chain ufw-track-output (0 references)
target prot opt source destination
Chain vesta (0 references)
target prot opt source destination
/usr/local/vesta/data/firewall/ports.conf:
PROTOCOL='TCP' PORT='20'
PROTOCOL='TCP' PORT='21'
PROTOCOL='TCP' PORT='22'
PROTOCOL='TCP' PORT='25'
PROTOCOL='UDP' PORT='53'
PROTOCOL='TCP' PORT='80'
PROTOCOL='TCP' PORT='443'
PROTOCOL='TCP' PORT='110'
PROTOCOL='UDP' PORT='123'
PROTOCOL='TCP' PORT='143'
PROTOCOL='TCP' PORT='3306'
PROTOCOL='TCP' PORT='5432'
PROTOCOL='TCP' PORT='8080'
PROTOCOL='TCP' PORT='8433'
PROTOCOL='TCP' PORT='8083'
PROTOCOL='TCP' PORT='12000:12100'
/usr/local/vesta/data/firewall/rules.conf:
RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16'
RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='19:14:16' DATE='2015-09-14'
RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16'
RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8000-8001' IP='0.0.0.0/0' COMMENT='Shoutcast' SUSPENDED='no' TIME='05:27:47' DATE='2015-09-10'
RULE='12' ACTION='ACCEPT' PROTOCOL='TCP' PORT='9090' IP='0.0.0.0/0' COMMENT='' SUSPENDED='no' TIME='18:11:37' DATE='2015-09-10'
RULE='13' ACTION='ACCEPT' PROTOCOL='TCP' PORT='5222' IP='0.0.0.0/0' COMMENT='' SUSPENDED='no' TIME='18:23:31' DATE='2015-09-10'
RULE='14' ACTION='ACCEPT' PROTOCOL='TCP' PORT='7777' IP='0.0.0.0/0' COMMENT='' SUSPENDED='no' TIME='18:23:36' DATE='2015-09-10'