Hestia 1.3.0 RC: ports open for ipv6

I’m currently testing Hestia 1.3.0 RC on an Ubuntu 20.04 system. My VPS host assigns an ipv4 and ipv6 address via DHCP to all servers. I found out that all ports are open to ipv6 (even MySQL). Maybe ipv6 should be disabled on the server, since the firewall rules cannot be managed by Hestia?

This is where CSF comes in. :wink:

Answer from @falzo, freshly out of the dev chat:

it's a problem with tons of servers out there. iptables is usually there but only configured to handle IPv4 anyway. as soon as you start to use IPv6 you are quite open, unless you make sure, all services are configured correctly to not automatically listen on IPv6 out of the box

We will discuss further if we need to improve anything here - but I think we should have time until we start to support ipv6.

Just checked on my server

tcp6       0      0 :::3306                 :::*                    LISTEN      980/mariadbd        
tcp6       0      0 :::110                  :::*                    LISTEN      740/dovecot         
tcp6       0      0 ::1:783                 :::*                    LISTEN      981/perl            
tcp6       0      0 :::143                  :::*                    LISTEN      740/dovecot         
tcp6       0      0 :::53                   :::*                    LISTEN      751/named           
tcp6       0      0 :::22                   :::*                    LISTEN      7792/sshd           
tcp6       0      0 ::1:953                 :::*                    LISTEN      751/named           
tcp6       0      0 :::993                  :::*                    LISTEN      740/dovecot         
tcp6       0      0 :::995                  :::*                    LISTEN      740/dovecot 

The main issue is mariadb / mysql, but adding bind=127.0.0.1 to my.cnf will sort this issue.

But we should really start on ipv6 support :slight_smile:

My workaround for now was to disable IPv6 completely on the server by adding the following lines to /etc/sysctl.conf.

net.ipv6.conf.all.disable_ipv6 = 1
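Added example (not part of the thread and not Hestia code): a small audit helper that reads `netstat -tlnp` output and lists the tcp6 listeners bound to something other than loopback, i.e. the ones reachable over IPv6 when no ip6tables rules are in place. The function names are hypothetical, and the sample input is constructed from the netstat lines quoted above.

```shell
#!/bin/sh
# Constructed sample: the tcp6 lines quoted in the thread above.
sample_listeners() {
cat <<'EOF'
tcp6       0      0 :::3306                 :::*                    LISTEN      980/mariadbd
tcp6       0      0 :::110                  :::*                    LISTEN      740/dovecot
tcp6       0      0 ::1:783                 :::*                    LISTEN      981/perl
tcp6       0      0 :::143                  :::*                    LISTEN      740/dovecot
tcp6       0      0 :::53                   :::*                    LISTEN      751/named
tcp6       0      0 :::22                   :::*                    LISTEN      7792/sshd
tcp6       0      0 ::1:953                 :::*                    LISTEN      751/named
tcp6       0      0 :::993                  :::*                    LISTEN      740/dovecot
tcp6       0      0 :::995                  :::*                    LISTEN      740/dovecot
EOF
}

# Read netstat output on stdin and print "port process" for every tcp6
# listener that is not bound to the IPv6 loopback address (::1).
exposed_v6_listeners() {
  awk '$1 == "tcp6" && $6 == "LISTEN" {
         addr = $4
         n = match(addr, /:[0-9]+$/)    # the last colon separates host and port
         if (n == 0) next
         host = substr(addr, 1, n - 1)  # "::" (wildcard), "::1", or a specific address
         port = substr(addr, n + 1)
         if (host == "::1") next        # loopback only, not reachable remotely
         split($7, p, "/")              # "980/mariadbd" -> pid, process name
         print port, p[2]
       }'
}

# Run against the constructed sample.
sample_listeners | exposed_v6_listeners
```

On a live server, run `netstat -tlnp | exposed_v6_listeners` as root so the process column is populated.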