Disabling iptables
-
@Mauritz the instructions to disable iptables are there to avoid any unforeseen issue or blockade due to iptables 0 -
I would assume they mean only temporarily disable it during installation; they go on to recommend CSF / APF which are literally front-ends for IPtables. You should never leave iptables permanantly disabled unless you are on a CentOS 7 system and plan on using firewalld instead. I would like to hear a staff memebers take on that particular documentation, as in my opinion it is misleading at best and dangerous at worst. Seeing as CSF simply manages and creates iptables rules (for the most part), the documentation also seems contradictory (especially with cphulk now blocking IPs in the system firewall). 0 -
When you are installing software on your PC, you are often told to disable your antivirus software to prevent issues during the install. The document you mentioned is basically telling you the same thing. Disable the function for your install then later activate once the task is complete. If you are not doing any install/updates, leave the setting as it is so that continue to protect the server. 0 -
Hello :) The document you referenced is suggesting you disable your firewall for the cPanel installation itself. However, post-installation, it mentions this: For cPanel & WHM to run on your web server, the OS firewall must remain disabled. When the installation process finishes, configure your firewall with a third-party client. We recommend that you use APF or CSF. [LIST] - For more information about APF, visit the RFX Networks website.
- For more information about CSF, visit the ConfigServer website.
Thank you.0 -
This is terribly contradictory though. CSF simply configures IPtables (the system firewall), so leaving that disabled is literally impossible if you follow that recommendation. Someone should review that document for clarity sake. I don't understand how the docs can say "For cPanel & WHM to run on your web server, the OS firewall must remain disabled" when cphulk itself has an option to block IPs in the system firewall (iptables). 0 -
I don't understand how the docs can say "For cPanel & WHM to run on your web server, the OS firewall must remain disabled" when cphulk itself has an option to block IPs in the system firewall (iptables).
Hello :) The statement is found under the "Troubleshoot an Installation" part of the documentation so the expectation is that users reaching this page are having trouble with the installation. The following statement is referring to the installation of cPanel: For cPanel & WHM to run on your web server, the OS firewall must remain disabled.
It's likely better written as: For cPanel & WHM to run on your web server, the OS firewall must remain disabled while cPanel is installed.
It's true that firewall rules are added by certain cPanel features (e.g. SMTP Tweak, cPHulk). However, this article is designed to help prevent the number of users that complain of trouble accessing cPanel/WHM after the initial installation. Is there any specific addition or clarifications to this article you feel would help? Thank you.0 -
The point is it's 100% false. Even the wording "For cPanel & WHM to run on your web server, the OS firewall must remain disabled while cPanel is installed." is completely wrong. Perhaps you mean "during the installation?" Otherwise, how could cphulk add firewall rules to the system firewall if it's disabled? How would SMTP tweak work at all? Even CSF is just a front-end for IPtables. If anything, disabling the system firewall would hurt more than help and is not sound advice. Sorry if I sound angry here (I'm not), it's just misleading and basically wrong. Worst case it should say something like "If you have issues while installing, make sure the appropriate TCP ports are open. If you still encounter issues, ensure that you disable any firewall management utilities like APF or CSF, and then flush iptables so that cPanel can start with an empty iptables rule set before proceeding." 0 -
A slight change has been made to the installation document regarding firewalls: or 0 -
Looks much better, thank you :) 0
Please sign in to leave a comment.
Comments
9 comments