Iptables being rewritten

Community Support Firewall
1

It seems that hestia rewrites the rules on reboot and I had to wipe the server because I used iptables-save. Hestia would no longer add its rules so I was stuck with generic rules.

[1] I am wanting to allow two IPs with no restrictions. The Hestia web interface will not allow that.
iptables -I INPUT 2 -s 100.113.77.38 -j ACCEPT
iptables -I INPUT 1 -s 107.91.12.23 -j ACCEPT

[2] Once I have another DNS issue resolved, I am going to add a second static IP to this machine which should be eth1. Will the Hestica CP pass port 53 to both IPs? I have done many linux servers on the years, but this will be the first one with more than one static IP.
ACCEPT tcp – 0.0.0.0/0 0.0.0.0/0 tcp dpt:53

TIA

2

With the release of 1.2.0 that will released very soon we have capability to block / allow ip fully over all ports via the “Server” → Firewall → Ipset

You can define a list of ip you want to allow with access to all ports. How ever a list of minimum of 10 entries is required

If that’s not enough please create feature/bug report

1.2.0 RC can be found

2 Likes
3

For nr. 2, yes, bind should answer dns requests on both ips.

4
  1. use Hestia firewall for that (cli or webui), ex:

v-add-firewall-rule ACTION IP PORT [PROTOCOL] [COMMENT] [RULE]

v-add-firewall-rule ‘accept’ ‘100.113.77.38’ ‘0’ # Port 0 matches all ports

will create the folowing iptables rules:

user@host:~$ iptables -n -L INPUT
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  100.113.77.38        0.0.0.0/0
5 Likes