Iptables - bloated configuration file

Hello, everybody.

I am running the Hestia Control Panel on a host with Ubuntu 22.

The iptables rules are in a file called /etc/iptables/rules.v4

Over time this file grew to more than 900 lines and it contains a lot of duplicate rules coming from the HestiaCP. At the moment some lines occur 28 times.

Is this normal or did I miss some configuration?

Any idea of a good way of cleaning it up at this point?

Thank you.

Hi @ioan,

Hestia uses the file /etc/iptables.rules, at least in last version 1.8.x

Thank you.

I have HestiaCP v1.8.11.

I just discovered an /etc/iptables.rules file as well, and this one looks a bit more tidy, with just 92 lines and no multiply occurring rules, at least as far as I could see.

Does this mean that the HestiaCP-related rules from /etc/iptables/rules.v4 are obsolete and that I can simply delete them?

Seems so. Anyway, before deleting it, make a backup.

Also, to know the rules that are being used by your system, use this command:

iptables -S
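As an added example (not from this thread or from HestiaCP), a small POSIX shell script that does the cleanup suggested above: back up the file, then strip repeated rule lines while keeping the first occurrence of each rule per table, so the order iptables evaluates them in is preserved. The sample rules.v4 content is constructed to mimic the duplication described in the question.

```shell
# Constructed sample in iptables-save format, showing the duplication
# pattern from the thread (the same rule appended several times).
SAMPLE_RULES='# Generated by iptables-save
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# write_sample FILE: writes the constructed sample to FILE
write_sample() { printf '%s\n' "$SAMPLE_RULES" > "$1"; }

# dedupe_rules FILE: print FILE with repeated rule lines removed, keeping the
# first occurrence (rule order matters for iptables, so it is preserved).
# The seen-set is reset at every *table line, so an identical rule in two
# tables is kept in both; comments and COMMIT lines are passed through.
# Caveat: files saved with counters ("-c") carry [pkts:bytes] on each rule,
# which makes otherwise identical rules differ; strip counters first.
dedupe_rules() {
    awk '
        /^\*/     { split("", seen); print; next }   # new table: reset seen
        /^COMMIT/ { print; next }
        /^#/      { print; next }
        !seen[$0]++                                   # first occurrence only
    ' "$1"
}

# count_rules FILE: number of "-A" rule lines in FILE
count_rules() { grep -c '^-A ' "$1" || true; }

# Demo: back up, dedupe, and report how many rules were dropped.
work=$(mktemp -d)
write_sample "$work/rules.v4"
cp "$work/rules.v4" "$work/rules.v4.bak"            # backup first
dedupe_rules "$work/rules.v4" > "$work/rules.v4.clean"
printf 'rules before: %s, after: %s\n' \
    "$(count_rules "$work/rules.v4")" "$(count_rules "$work/rules.v4.clean")"
rm -rf "$work"
```

Before swapping the cleaned file in, run `iptables-restore --test rules.v4.clean` to have it parsed without being applied, and compare it against the live ruleset from `iptables -S`.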

Thank you.


I managed to bring /etc/iptables/rules.v4 to less than 200 lines.

I am trying to understand if I misconfigured HestiaCP to begin with or if this behavior was part of how HestiaCP used to work.

I first installed the software in October 2023.

Then you should be using /etc/iptables.rules. Maybe that rules.v4 is used by another tool like crowdsec or similar… I don’t know

Just to be clear, after installing HestiaCP, I didn’t touch anything related to the firewall.

In its long form almost all the rules in /etc/iptables/rules.v4 belonged to HestiaCP. I did not install CrowdSec on this machine.

Have you ever met with a situation like this before?

Use the command below, just in case it finds some script saving iptables rules to that file:

grep -R 'rules\.v4' /etc/ /usr/local/hestia/ /var/lib/

If you have time, search the entire system:

grep -r 'rules\.v4' / 2>/dev/null

Thank you.

From the first search I found results only in the /var/lib/ directory, namely in the following files:

  • /var/lib/dpkg/info/iptables-persistent.postinst
  • /var/lib/dpkg/info/iptables-persistent.templates
  • /var/lib/dpkg/info/iptables-persistent.postrm
  • /var/lib/dpkg/info/iptables-persistent.preinst

I reviewed some of them, but I don’t know what to do with them…

Have you ever met with a situation like this before?

No, but that's because I use neither Ubuntu nor iptables-persistent on any server.

You installed the package iptables-persistent, or maybe it was already installed in the Ubuntu image provided by your hosting. You don't need this package to save and load iptables rules on boot; Hestia does it, so you can purge the package:

sudo apt purge iptables-persistent 

Thank you.

This latest reply was particularly useful.

Indeed, my Ubuntu compute instance resides in the Oracle Cloud Infrastructure.

As far as I know, Oracle tweaks the Ubuntu images it provides. After making sure that the Hestia Control Panel was compatible with Ubuntu, I used the Ubuntu image provided by Oracle without considering the iptables-persistent package.

For the Hestia Control Panel are you then using Debian on your servers?


Yes, but not only for Hestia, I’ve always used Debian for my servers.


Thank you.
