
Prevent Firewall from Flushing CLI Rules

Posted: Wed Mar 28, 2018 8:18 pm
by patrick.porteous
Hello,

Is there a way to prevent VestaCP from flushing the rules applied to iptables that are entered from the command line (CLI) when a new rule is added using the control panel? I have a rule that I want to persist but every time I add a new rule through the panel I have to go back to the command line and reapply the rule. Is there a file that I could add the rule to so that when I add new firewall rules through the CP it will persist? Here are the steps that I take to reproduce the issue:

Step 1 (CLI): iptables -I INPUT -p tcp --dport 25 -m string --string some-string --algo bm -j DROP
Step 2 (CLI): iptables -L INPUT (Rule applied and shows in the output)
Step 3 (CP): Add new rule in the Firewall section of VestaCP
Step 4 (CLI): iptables -L INPUT (the rule from step 1, iptables -I INPUT -p tcp --dport 25 -m string --string some-string --algo bm -j DROP, is now missing)

Thanks in advance for the help.

Re: Prevent Firewall from Flushing CLI Rules

Posted: Mon Apr 16, 2018 7:07 pm
by patrick.porteous
Just wanted to offer an update on this question. After not getting any response from the message board, I dug in a little deeper and found this blog post http://www.lowendguide.com/3/networking ... s-lookups/ that helped me append some advanced firewall rules to the rules applied through the GUI. Basically, the v-update-firewall command is triggered each time one adds any new rules through the GUI. Contained in the v-update-firewall command is a small bit of code that can be called to preserve rules when the command is triggered:

#vi /usr/local/vesta/bin/v-update-firewall

Look for this section of the command:

# Checking custom trigger
if [ -x "$VESTA/data/firewall/custom.sh" ]; then
    bash $VESTA/data/firewall/custom.sh
fi
Then, to add the preserved firewall rule(s), create the custom.sh file at /usr/local/vesta/data/firewall/custom.sh

Sample custom.sh:

#!/bin/bash
iptables -I INPUT -p tcp --dport 25 -m string --string whatever-you-want --algo bm -j DROP

One thing that took me a minute to figure out was what permissions needed to be set up on the custom.sh file, but basically if you chmod it to 0700 it'll get picked up each time the v-update-firewall command is called.

Appreciate all of the hard work on VestaCP. Really a great product.
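A more defensive variant of the custom.sh above, added here as an example (it is not VestaCP's code and not from the original post): each rule is checked with iptables -C before it is inserted, so running the script by hand or from a second trigger does not stack duplicate copies of the same rule, and every action is written to syslog through logger so firewall changes stay auditable. The some-string pattern is the placeholder from the post; the log tag and the function names are assumptions.

```shell
#!/bin/bash
# Idempotent custom.sh for VestaCP's firewall trigger (added example, not VestaCP's own code).
# v-update-firewall flushes and rebuilds the chains, then runs this file when it is
# executable (chmod 0700), so the rules below are re-applied after every panel change.

LOG_TAG="vesta-custom-fw"   # assumed tag; shows up in syslog/journal for auditing

# Log to syslog when logger is available, otherwise to stderr.
log() {
    if command -v logger >/dev/null 2>&1; then
        logger -t "$LOG_TAG" "$*"
    else
        echo "$LOG_TAG: $*" >&2
    fi
}

# ensure_rule CHAIN RULE...
# Insert RULE at the top of CHAIN unless an identical rule is already present.
# Returns 0 when the rule is present afterwards (inserted or already there), 1 on failure.
ensure_rule() {
    local chain="$1"; shift
    if iptables -C "$chain" "$@" 2>/dev/null; then
        log "already present: $chain $*"
        return 0
    fi
    if iptables -I "$chain" "$@"; then
        log "inserted: $chain $*"
        return 0
    fi
    log "FAILED to insert: $chain $*"
    return 1
}

# Rules to preserve across panel changes. "some-string" is the placeholder from the post:
# replace it with the pattern you actually want dropped on port 25.
apply_custom_rules() {
    ensure_rule INPUT -p tcp --dport 25 -m string --string some-string --algo bm -j DROP
}

# Only touch the firewall when iptables is actually available on this host.
if command -v iptables >/dev/null 2>&1; then
    apply_custom_rules
fi
```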