Firewall does not work in v1.7 RC

I think there is no way to start or reload the firewall in v1.7 RC.
I have installed it on OpenVZ and it does not work.

So I decided to write this small script:

```bash
#!/bin/bash

# delete existing iptables rules
iptables -F

# drop all incoming connections
iptables -P INPUT DROP
iptables -P FORWARD DROP

# allow all outgoing connections
iptables -P OUTPUT ACCEPT

# SSH allow
iptables -A INPUT -j ACCEPT -p tcp --dport 58742

# HTTP allow
iptables -A INPUT -j ACCEPT -p tcp --dport 80
iptables -A INPUT -j ACCEPT -p tcp --dport 443

# cyberpanel and services allow (tcp)
iptables -A INPUT -j ACCEPT -p tcp --dport 25
iptables -A INPUT -j ACCEPT -p tcp --dport 8090
iptables -A INPUT -j ACCEPT -p tcp --dport 8891
iptables -A INPUT -j ACCEPT -p tcp --dport 993
iptables -A INPUT -j ACCEPT -p tcp --dport 995
iptables -A INPUT -j ACCEPT -p tcp --dport 7080
iptables -A INPUT -j ACCEPT -p tcp --dport 587
iptables -A INPUT -j ACCEPT -p tcp --dport 5003
iptables -A INPUT -j ACCEPT -p tcp --dport 110
iptables -A INPUT -j ACCEPT -p tcp --dport 143
iptables -A INPUT -j ACCEPT -p tcp --dport 465
iptables -A INPUT -j ACCEPT -p tcp --dport 53
iptables -A INPUT -j ACCEPT -p tcp --dport 21

# cyberpanel and services allow (udp)
iptables -A INPUT -j ACCEPT -p udp --dport 53
iptables -A INPUT -j ACCEPT -p udp --dport 35476

# allow localhost, for example PHP to the local database
iptables -A INPUT -j ACCEPT -s 127.0.0.1

# allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
```

small and fine^^

add this for passive port range of pureftp^^

```bash
iptables -A INPUT -j ACCEPT -p tcp --dport 40110:40210
```
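Added example, not part of the original posts: the same port list written as one `iptables-restore` table, so the DROP policy and the SSH rule are committed together and an interrupted run cannot leave the box with DROP set and no SSH accept. The function names, the `apply` argument and the loopback match on `-i lo` are choices of this sketch; the ports are the ones posted above.

```bash
#!/bin/bash
# Added example, not from the thread. Ports are the ones posted above;
# variable and function names are assumptions of this sketch.
SSH_PORT=58742
TCP_PORTS="80 443 25 8090 8891 993 995 7080 587 5003 110 143 465 53 21"
UDP_PORTS="53 35476"
FTP_PASSIVE="40110:40210"

# Print a complete filter table in iptables-restore format.
build_ruleset() {
    local p
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback matched by interface rather than by source address.
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to existing connections first, so a live SSH session survives.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -p tcp --dport $SSH_PORT -j ACCEPT"
    for p in $TCP_PORTS; do
        echo "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    for p in $UDP_PORTS; do
        echo "-A INPUT -p udp --dport $p -j ACCEPT"
    done
    echo "-A INPUT -p tcp --dport $FTP_PASSIVE -j ACCEPT"
    echo "COMMIT"
}

# Reads a ruleset on stdin; succeeds only if it contains the SSH accept rule.
ruleset_keeps_ssh() {
    grep -q -- "^-A INPUT -p tcp --dport $SSH_PORT -j ACCEPT$"
}

# Check the ruleset, let iptables-restore parse it, then load it in one commit.
apply_ruleset() {
    local rules
    rules=$(build_ruleset)
    echo "$rules" | ruleset_keeps_ssh || { echo "no SSH rule, aborting" >&2; return 1; }
    echo "$rules" | iptables-restore --test || return 1
    echo "$rules" | iptables-restore
}

# Only touch the live firewall when asked to: ./fw.sh apply
if [ "${1:-}" = "apply" ]; then apply_ruleset; fi
```

Run without arguments the script changes nothing; `build_ruleset` can be called on its own to review the table before applying it as root.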

I guess for OVZ, guest VM functionality relies greatly on host node configurations …

It should now work with OpenVZ too. Some providers are still using old CentOS 7 images, and when yum update runs it cripples firewalld; there is a small patch there for OpenVZ now.

Not working for me either and I am on a dedicated

NVM, restarted and worked

Thank you for this :slightly_smiling_face: