[CPANEL-28146] iptables rules automatically overwritten

GoranG

Registered
Apr 23, 2020
3
0
1
Macedonia
cPanel Access Level
Root Administrator
I noticed this too. It happens every time an account is modified.

I found a temporary workaround by going to /usr/local/cpanel/Cpanel/Services and renaming Firewall.pm to Firewall.pm.backup, so that the file isn't used anymore to add the chain. Now when I modify an account the chain isn't added. This is just a quick fix until they solve the issue.
 

santrix

Well-Known Member
Nov 30, 2008
225
2
68
I am definitely still seeing this on WHM 82.0.17 as recently as today. This is a ludicrous security issue that cPanel can't seem to squash for good. I am currently running the following every 5 minutes from cron

/sbin/iptables -D INPUT -j cP-Firewall-1-INPUT 2> /dev/null && echo "cP-Firewall-1-INPUT Removed"
I have added a task to the /scripts/postupcp file to run:

Bash:
sed -i.bak -re 's/^(sub setup_firewall.*)/\1\n#   Hack to protect iptables from unwanted changes\n    return 0;/' /usr/local/cpanel/Cpanel/Services/Firewall.pm
This basically allows the APIs to run normally, but simply exits from the setup_firewall function with a zero exit code. This prevents cPanel from interfering with running iptables config.