[CPANEL-28146] iptables rules automatically overwritten

GoranG

Registered
Apr 23, 2020
I noticed this too. It happens every time an account is modified.

I found a temporary workaround by going to /usr/local/cpanel/Cpanel/Services and renaming Firewall.pm to Firewall.pm.backup, so that the file isn't used anymore to add the chain. Now when I modify an account the chain isn't added. This is just a quick fix until they solve the issue.
 

santrix

Well-Known Member
Nov 30, 2008
I am definitely still seeing this on WHM 82.0.17 as recently as today. This is a ludicrous security issue that cPanel can't seem to squash for good. I am currently running the following every 5 minutes from cron:

Bash:
/sbin/iptables -D INPUT -j cP-Firewall-1-INPUT 2> /dev/null && echo "cP-Firewall-1-INPUT Removed"
I have added a task to the /scripts/postupcp file to run:

Bash:
sed -i.bak -re 's/^(sub setup_firewall.*)/\1\n#   Hack to protect iptables from unwanted changes\n    return 0;/' /usr/local/cpanel/Cpanel/Services/Firewall.pm
This basically allows the APIs to run normally, but simply exits from the setup_firewall function with a zero exit code. This prevents cPanel from interfering with running iptables config.
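
An idempotent, self-checking form of the postupcp edit described in the post above, as an added example that is not part of the original thread or cPanel's own code. It uses awk rather than the poster's sed to make the same insertion, and the function name patch_firewall_pm is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): apply the early-return edit once,
# and report when the anchor line is missing after an update.
# patch_firewall_pm is a hypothetical helper name.
MARKER='#   Hack to protect iptables from unwanted changes'

# patch_firewall_pm FILE -> returns 0 if FILE ends up patched, 1 otherwise.
patch_firewall_pm() {
    pf_file="$1"
    if [ ! -f "$pf_file" ]; then
        echo "missing: $pf_file"; return 1
    fi
    # Already patched: stop, so repeated runs never stack extra returns.
    if grep -qF "$MARKER" "$pf_file"; then
        echo "already patched"; return 0
    fi
    # The edit keys on this line; if an update renamed the function,
    # fail loudly rather than leave the firewall hook active unnoticed.
    if ! grep -q '^sub setup_firewall' "$pf_file"; then
        echo "anchor not found"; return 1
    fi
    pf_tmp=$(mktemp "${pf_file}.XXXXXX") || return 1
    # Same insertion as the sed one-liner: marker comment plus "return 0;"
    # directly after the first "sub setup_firewall" line.
    awk -v marker="$MARKER" '
        { print }
        /^sub setup_firewall/ && !done {
            print marker; print "    return 0;"; done = 1
        }' "$pf_file" > "$pf_tmp" &&
        cp -p "$pf_file" "${pf_file}.bak" &&
        cat "$pf_tmp" > "$pf_file"   # overwrite in place: keeps owner and mode
    pf_rc=$?
    rm -f "$pf_tmp"
    if [ "$pf_rc" -eq 0 ] && grep -qF "$MARKER" "$pf_file"; then
        echo "patched"; return 0
    fi
    echo "patch failed"; return 1
}

# Usage from /scripts/postupcp (path as given in the post):
# patch_firewall_pm /usr/local/cpanel/Cpanel/Services/Firewall.pm
```

A non-zero return with "anchor not found" means the file no longer contains a line starting with `sub setup_firewall`, so the edit was not applied and the running iptables rules should be checked by hand.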