I installed on ubuntu 20.04 with no errors. I checked iptables and I saw some rules like dns port 53 doesn’t exist.
here is iptables after install;
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-FTP
-N fail2ban-HESTIA
-N fail2ban-MAIL
-N fail2ban-RECIDIVE
-N fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-HESTIA
-A INPUT -p tcp -m multiport --dports 25,465,587,110,995,143,993 -j fail2ban-MAI L
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-FTP
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 1:65535 -j fail2ban-RECIDIVE
-A fail2ban-FTP -j RETURN
-A fail2ban-HESTIA -j RETURN
-A fail2ban-MAIL -j RETURN
-A fail2ban-RECIDIVE -j RETURN
-A fail2ban-SSH -j RETURN
I jump to the server / firewall section on hestia cp web ui and click on dns and save it without change anything.
here is the iptables below after save;
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-FTP
-N fail2ban-HESTIA
-N fail2ban-MAIL
-N fail2ban-RECIDIVE
-N fail2ban-SSH
-N hestia
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-HESTIA
-A INPUT -p tcp -m multiport --dports 25,465,587,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-FTP
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 1:65535 -j fail2ban-RECIDIVE
-A INPUT -s x.x.x.x/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A fail2ban-FTP -j RETURN
-A fail2ban-HESTIA -j RETURN
-A fail2ban-MAIL -j RETURN
-A fail2ban-RECIDIVE -j RETURN
-A fail2ban-SSH -s 104.248.201.238/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -j RETURN
after save iptables dns rule in firewall section, web ui became unreachable but I can SSH into server. it’s strange because there is a rules which permits port 8083 which is -A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT.
even apt update command fail with this iptables rules above;
Err:1 Index of /ubuntu/ focal InRelease
Temporary failure resolving ‘it.archive.ubuntu.com’
Err:2 Index of /ondrej/apache2/ubuntu focal InRelease
Temporary failure resolving ‘ppa.launchpad.net’
Err:3 https://apt.hestiacp.com focal InRelease
Temporary failure resolving ‘apt.hestiacp.com’
Err:4 mirror - MvA focal InRelease
Temporary failure resolving ‘mirror.mva-n.net’
Err:5 Index of /packages/mainline/ubuntu/ focal InRelease
Temporary failure resolving ‘nginx.org’
Err:6 Index of /ubuntu/ focal-updates InRelease
Temporary failure resolving ‘it.archive.ubuntu.com’
Err:7 Index of /ondrej/php/ubuntu focal InRelease
Temporary failure resolving ‘ppa.launchpad.net’
Err:8 Index of /ubuntu/ focal-backports InRelease
Temporary failure resolving ‘it.archive.ubuntu.com’
when I reboot server iptables became below again, web ui reachable, apt update command success;
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-FTP
-N fail2ban-HESTIA
-N fail2ban-MAIL
-N fail2ban-RECIDIVE
-N fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-HESTIA
-A INPUT -p tcp -m multiport --dports 25,465,587,110,995,143,993 -j fail2ban-MAI L
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-FTP
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 1:65535 -j fail2ban-RECIDIVE
-A fail2ban-FTP -j RETURN
-A fail2ban-HESTIA -j RETURN
-A fail2ban-MAIL -j RETURN
-A fail2ban-RECIDIVE -j RETURN
-A fail2ban-SSH -j RETURN
there is someting wrong but I couldn’t figure it out.