1

Topic: iRedMail and iptables managed by other program

==== Required information ====
- iRedMail version: [ 0.9.2 ]
- Linux/BSD distribution name and version: [ CentOS release 6.7 (Final) ]
- Store mail accounts in which backend: [ MySQL ]
- Web server: [ Apache ]
- Manage mail accounts with iRedAdmin-Pro? [ No, basic only ]
- Related log if you're reporting an issue: n/a
====

We use configserver: csf/lfd to manage the server iptables firewall. This is very important for us to maintain security. The problem is that iRedMail adds chains and rules, which are promptly overwritten by csf/lfd. <sad face>

Is there some way to merge firewalls? Or to preserve the chains and values in an existing firewall, while adding content from another firewall? In other words, after csf/lfd runs, would it be possible to add iRedMail chains and rules without overwriting what csf/lfd already wrote?

--Joyce M


2

Re: iRedMail and iptables managed by other program

Not sure what you mean about "merge firewalls", but here are some hints:

*) You can disable iptables service (/etc/init.d/iptables).
*) Fail2ban adds some chains to block bad clients.

3

Re: iRedMail and iptables managed by other program

I have resolved it with a cron job that runs iptables -n <iredmail.iptables, when it is detected that the chains and rules have been overwritten by the other program. Runs every 2 mins, so when the other program updates iptables, very shortly, the Fail2ban rules will be back in place.
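
The cron check described in the last post could look like the following. This is an added example, not the poster's script. It assumes the saved rules are in iptables-save format at a hypothetical path (RULES_FILE) and uses iptables-restore --noflush as the restore command, so the rules written by the other firewall manager stay in place.

```shell
#!/bin/sh
# Added example: re-apply a saved ruleset only when its chains are gone.
# RULES_FILE is a hypothetical path; the file must be in iptables-save format.
RULES_FILE="${RULES_FILE:-/etc/sysconfig/iredmail.iptables}"

# Print user-defined chain names declared in iptables-save text on stdin.
# Declarations look like ":fail2ban-postfix - [0:0]"; built-in chains carry
# a policy (ACCEPT/DROP) in place of "-" and are skipped.
declared_chains() {
    awk '/^:/ && $2 == "-" { print substr($1, 2) }' | sort -u
}

# missing_chains WANTED_FILE LIVE_FILE
# Print chains declared in WANTED_FILE that are absent from LIVE_FILE.
# Chain names are compared across all tables, not per table.
missing_chains() {
    wanted=$(declared_chains < "$1")
    present=$(declared_chains < "$2")
    for c in $wanted; do
        printf '%s\n' "$present" | grep -Fqx -- "$c" || printf '%s\n' "$c"
    done
}

# Cron entry point: compare the live rules to the saved file and restore
# only when something is missing, so rules are not appended twice.
restore_if_missing() {
    live_file=$(mktemp) || return 1
    iptables-save > "$live_file" || { rm -f "$live_file"; return 1; }
    gone=$(missing_chains "$RULES_FILE" "$live_file")
    rm -f "$live_file"
    [ -z "$gone" ] && return 0
    logger -t iredmail-fw "restoring chains:" $gone
    # --noflush leaves the other firewall manager's rules untouched.
    iptables-restore --noflush < "$RULES_FILE"
}

# Only touch the firewall when explicitly asked, e.g. from the cron entry.
if [ "${1:-}" = "--apply" ]; then
    restore_if_missing
fi
```

Run it from cron with the --apply argument; without it the script only defines the functions and changes nothing.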