Deleted the Firewall "Allow" rules by mistake

Hi, sorry for this post, but I'm in alert mode…

By mistake I deleted the Allow rules from the firewall dashboard on my Hestia server…

I rebooted the machine, but now I don't even have access with the Bitvise SSH client…

I'm on an Oracle machine…

Please help.

Bruno Miranda

You will need console access or a rescue boot disk, neither of which has anything to do with Hestia, which means this is the wrong place to expect to receive training in their use.

2 Likes

Hello Bruno, you have to contact your provider, in this case Oracle, and ask them to recover or grant you local shell access.

1 Like

Yes, thanks. I have knowledge about creating instances and VPS machines; however, I made a mistake…
Thanks for the support provided.

Thanks a lot for your guidance. Really helped!

2 Likes

Log in via VNC / whatever Oracle Cloud provides.

Then run: CLI Reference | Hestia Control Panel

1 Like

I apologize for writing here again, but I really need guidance now regarding the Hestia server.

I am incredibly grateful for the valuable time you have taken to provide me with assistance. I have successfully accessed the files on my boot volume by attaching it to another instance.

I've added the correct rules to the file
/usr/local/hestia/data/firewall/rules.conf

Added the following 10 rules manually:

RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16'
RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='2083' IP='0.0.0.0/0' COMMENT='HESTIA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='21:47:04' DATE='2018-11-07'
RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24'
RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16'

However, I connected the server again, but it's still not working… or better… without connection…
What is missing? Can you help me?
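
Added example, not part of any post in this thread and not Hestia's own validation: a pre-flight lint for a hand-edited rules.conf, assuming the KEY='value' layout shown in the post above. The function names, the list of required keys and the SSH-port check are assumptions made for this example.

```shell
# check_rules FILE [SSH_PORT]: one finding per line on stdout, non-zero exit if any.
# Port ranges such as 20-30 are not expanded when looking for the SSH port.
check_rules() {
    LC_ALL=C awk -v q="'" -v ssh="${2:-22}" '
    BEGIN { kv = "^([A-Z]+=" q "[^" q "]*" q " ?)+$"
            n = split("ACTION PROTOCOL PORT IP SUSPENDED", need, " ") }
    {
        line = $0
        if (sub(/\r$/, "", line)) report("CRLF line ending")
        if (line == "") next
        if (line ~ /[^ -~]/) { report("byte outside printable ASCII, e.g. a typographic quote"); next }
        if (line !~ kv) { report("not a list of KEY=" q "value" q " pairs"); next }
        if (!match(line, "^RULE=" q "[0-9]+" q)) { report("first field is not a numeric RULE"); next }
        id = substr(line, 7, RLENGTH - 7)
        if (seen[id]++) report("duplicate RULE " id)
        for (i = 1; i <= n; i++)
            if (index(line, " " need[i] "=" q) == 0) report("missing " need[i])
        # Lockout check: is there an active ACCEPT rule that lists the SSH port?
        if (line ~ ("ACTION=" q "ACCEPT" q) && line ~ ("PROTOCOL=" q "TCP" q) &&
            line ~ ("SUSPENDED=" q "no" q) &&
            line ~ ("PORT=" q "([^" q "]*,)?" ssh "(,[^" q "]*)?" q))
            ssh_ok = 1
    }
    END {
        if (!ssh_ok) { print "no active ACCEPT rule for TCP port " ssh; bad++ }
        exit (bad > 0)
    }
    function report(msg) { printf "line %d: %s\n", NR, msg; bad++ }
    ' "$1"
}

# Constructed sample: line 1 is well-formed, line 2 uses typographic quotes,
# line 3 reuses RULE 1 and lacks SUSPENDED.
sample_rules() {
    cat <<'EOF'
RULE='1' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no'
RULE=‘2’ ACTION=‘ACCEPT’ PROTOCOL=‘TCP’ PORT=‘22’ IP=‘0.0.0.0/0’ COMMENT=‘SSH’ SUSPENDED=‘no’
RULE='1' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS'
EOF
}

sample_rules | check_rules - || true
```

On a mounted rescue volume the call would be `check_rules /mnt/sdb/usr/local/hestia/data/firewall/rules.conf`, run before rebooting into the repaired system.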

Restart server or v-update-firewall

I've restarted the server, but it is not working…
Still no connection to the dashboard or even SSH on port 22…

The only way I can edit the files is mounting this server to another working instance… that way I can't use v-update-firewall…

Should I update the v-update-firewall file with all the new mounted paths?

root@instance-20230607-2318:/mnt/sdb# /mnt/sdb/usr/local/hestia/bin/v-update-firewall
/mnt/sdb/usr/local/hestia/bin/v-update-firewall: line 19: /etc/profile.d/hestia.sh: No such file or directory
/mnt/sdb/usr/local/hestia/bin/v-update-firewall: line 21: /etc/hestiacp/hestia.conf: No such file or directory
/mnt/sdb/usr/local/hestia/bin/v-update-firewall: line 23: /func/main.sh: No such file or directory
/mnt/sdb/usr/local/hestia/bin/v-update-firewall: line 25: /func/firewall.sh: No such file or directory
/mnt/sdb/usr/local/hestia/bin/v-update-firewall: line 27: source_conf: command not found
/mnt/sdb/usr/local/hestia/bin/v-update-firewall: line 33: is_system_enabled: command not found
/mnt/sdb/usr/local/hestia/bin/v-update-firewall: line 40: heal_iptables_links: command not found

I restarted already, hoping v-update-firewall could work…
Sorry, I'm just missing this step for v-update-firewall

Have you tried from a chroot environment while booted from another system volume?

Yes, I got to the point of executing v-update-firewall in the chroot environment

I get this error
root@instance-20230607-2318:/home# /usr/local/hestia/bin/v-update-firewall
cat: /proc/cpuinfo: No such file or directory
cat: /proc/cpuinfo: No such file or directory
grep: /proc/1/environ: No such file or directory
Error: Invalid object format: RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16'

I think I'm almost there…
Should I leave a blank line at the end of rules.conf?

v-stop-firewall

And sort everything else via ssh…

1 Like

It looks like you neglected to bind mount /proc before your chroot.

https://wiki.debian.org/chroot#Mounting_pseudo_filesystems

The approach that @eris just suggested should be rather expedient if you are having trouble with your chroot environment.
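
Added example, not part of the post above and not Hestia's code: the bind-mount, chroot and cleanup sequence this reply refers to, written as a helper that prints its plan by default. It assumes the broken root volume is already mounted at /mnt/sdb (the path used in the thread); `run`, `repair_firewall`, `ROOT` and `DRY_RUN` are names made up for this example.

```shell
#!/bin/sh
ROOT="${ROOT:-/mnt/sdb}"         # assumed mount point of the broken volume
DRY_RUN="${DRY_RUN:-1}"          # 1 = print the commands instead of running them
HESTIA_CMD=/usr/local/hestia/bin/v-update-firewall

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# repair_firewall ROOT: bind-mount the pseudo filesystems, run the Hestia
# command inside the chroot, then unmount in reverse order.
repair_firewall() {
    rf_root="$1"; rf_rc=0; rf_done=""
    if [ "$DRY_RUN" != "1" ] && [ ! -x "$rf_root$HESTIA_CMD" ]; then
        echo "no Hestia install under $rf_root" >&2; return 2
    fi
    # The errors in the thread (/proc/cpuinfo, /proc/1/environ) come from a
    # missing /proc; /sys and /dev are bound too because tools often expect them.
    for rf_fs in proc sys dev; do
        if run mount --bind "/$rf_fs" "$rf_root/$rf_fs"; then
            rf_done="$rf_fs $rf_done"      # prepend, so cleanup runs in reverse
        else
            rf_rc=1; break
        fi
    done
    if [ "$rf_rc" -eq 0 ]; then
        run chroot "$rf_root" "$HESTIA_CMD" || rf_rc=$?
    fi
    # Always unmount what was mounted, even if the command failed.
    for rf_fs in $rf_done; do
        run umount "$rf_root/$rf_fs"
    done
    return "$rf_rc"
}

repair_firewall "$ROOT"
```

Run it as root with `DRY_RUN=0` to execute the plan. A chroot shares the rescue instance's kernel and network stack, so any iptables commands run inside it act on the rescue host's live ruleset.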

Thanks, I've done all the steps for the chroot you sent me, thanks a lot.

At this point in time I'm just here to ask about this warning I'm having…
root@instance-20230607-2318:/# /usr/local/hestia/bin/v-update-firewall
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
root@instance-20230607-2318:/# /usr/local/hestia/bin/v-stop-firewall
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them

This is the chroot environment…
Sorry for all this work and posts…
