fastpanel/core

Firewall rules error

Opened this issue · 0 comments

Debian 11.3

Hi. I have some recommendations for the firewall configuration.

This is your base firewall rules example. I added one rule.

# "*filter" table header added so this block loads as-is with iptables-restore
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1828:348484]
:fastpanel_rules - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j fastpanel_rules
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A fastpanel_rules -s 1.1.1.0/24
COMMIT

So, the list of problems:

  • missing RETURN at the end of the fastpanel_rules chain
  • missing RELATED,ESTABLISHED for OUTPUT
  • nf_conntrack_helper is disabled by default, so FTP doesn't work if the firewall is active

Example for FTP

iptables -A INPUT -m conntrack --ctstate RELATED -m helper \
       --helper ftp -d $MY_FTP_SERVER -p tcp \
       --dport 22: -j ACCEPT
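The following is an added example for this page; it is not code from the issue author or from the fastpanel project. It puts the base ruleset quoted in the issue, a corrected version covering the three points raised (explicit RETURN, RELATED,ESTABLISHED on OUTPUT, and an explicit helper assignment with -j CT in the raw table so the FTP helper works while nf_conntrack_helper is 0), and a small text linter that flags those three problems in any iptables-save style ruleset into one POSIX sh script. The FTP control port 21, the passive data range 30000:30100, the example address 203.0.113.10 and all function names are assumptions chosen for illustration; the INPUT policy is left at ACCEPT as in the issue's base rules, so the FTP rules only become load-bearing once a DROP policy or a final reject rule is added.

```shell
#!/bin/sh
# Added example, not code from the issue or from fastpanel. Assumed for
# illustration: FTP control on port 21, passive data ports 30000:30100,
# and the FTP server address passed as $1 to the rule generators.

# Ruleset quoted in the issue. "*filter" is added because iptables-restore
# needs the table header before the chain lines.
base_rules() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fastpanel_rules - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j fastpanel_rules
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A fastpanel_rules -s 1.1.1.0/24
COMMIT
EOF
}

# Base ruleset plus the issue's FTP rule (server address in $1): it matches
# the ftp helper, but nothing in the ruleset ever assigns that helper.
base_rules_with_ftp() {
  base_rules | sed '/^COMMIT$/d'
  echo "-A INPUT -m conntrack --ctstate RELATED -m helper --helper ftp -d $1 -p tcp --dport 22: -j ACCEPT"
  echo COMMIT
}

# Corrected ruleset for the FTP server address in $1.
fixed_rules() {
  cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# With net.netfilter.nf_conntrack_helper=0 (the kernel default, as the issue
# notes) helpers are not attached automatically, so tag the control
# connection explicitly. nf_conntrack_ftp must be loaded or CT fails.
-A PREROUTING -p tcp -d $1 --dport 21 -j CT --helper ftp
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fastpanel_rules - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j fastpanel_rules
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -d $1 --dport 21 -j ACCEPT
# Passive data connections: RELATED via the ftp helper, limited to the
# passive port range instead of an open-ended port match.
-A INPUT -m conntrack --ctstate RELATED -m helper --helper ftp -p tcp -d $1 --dport 30000:30100 -j ACCEPT
# Point 2 from the issue: let replies and related traffic leave.
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# No -j target, exactly as in the issue, so this rule only counts matches.
-A fastpanel_rules -s 1.1.1.0/24
# Point 1 from the issue: explicit end of the custom chain.
-A fastpanel_rules -j RETURN
COMMIT
EOF
}

# Check a ruleset on stdin for the three problems from the issue. Prints one
# line per finding and returns the number of findings (0 = clean). This is
# plain text matching on the iptables-save format, not a semantic check.
lint_rules() {
  rules=$(cat)
  findings=0
  # 1. each user-defined chain (":name - [...]") ends with an explicit RETURN
  for chain in $(printf '%s\n' "$rules" | awk '/^:[^ ]+ - /{print substr($1,2)}'); do
    printf '%s\n' "$rules" | grep -q "^-A $chain -j RETURN\$" ||
      { echo "chain $chain has no explicit RETURN"; findings=$((findings+1)); }
  done
  # 2. OUTPUT accepts RELATED,ESTABLISHED
  printf '%s\n' "$rules" | grep -q '^-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT$' ||
    { echo "OUTPUT has no RELATED,ESTABLISHED rule"; findings=$((findings+1)); }
  # 3. every helper matched with -m helper is assigned somewhere with -j CT
  for helper in $(printf '%s\n' "$rules" | sed -n 's/.*-m helper --helper \([^ ]*\).*/\1/p' | sort -u); do
    printf '%s\n' "$rules" | grep -q -- "-j CT --helper $helper" ||
      { echo "helper $helper is matched but never assigned with -j CT --helper $helper"; findings=$((findings+1)); }
  done
  return $findings
}

# Usage: sh firewall-check.sh <ftp-server-address>  (prints the fixed ruleset, then lints it)
if [ $# -eq 1 ]; then
  fixed_rules "$1"
  fixed_rules "$1" | lint_rules
fi
```

Run `base_rules | lint_rules` to see the two findings for the quoted base rules and `base_rules_with_ftp 203.0.113.10 | lint_rules` to see the third one for the helper. To load the corrected ruleset on the host, run `modprobe nf_conntrack_ftp`, check the ruleset with `fixed_rules 203.0.113.10 | iptables-restore --test`, and only then apply it with `iptables-restore` (the `-j CT --helper ftp` rule belongs in the raw table, before conntrack sees the first packet of the control connection).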