The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disabling iptables

Discussion in 'Security' started by Mauritz, Jul 11, 2015.

  1. Mauritz

    Mauritz Active Member

    Joined:
    Apr 29, 2015
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Johannesburg
    cPanel Access Level:
    Root Administrator
  2. Asim Zeeshan

    Asim Zeeshan Member

    Joined:
    Nov 13, 2011
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Lahore, Pakistan
    cPanel Access Level:
    Root Administrator
    @Mauritz the instructions to disable iptables are there to avoid any unforeseen issue or blockade due to iptables
     
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    I would assume they mean only temporarily disable it during installation; they go on to recommend CSF / APF which are literally front-ends for IPtables. You should never leave iptables permanantly disabled unless you are on a CentOS 7 system and plan on using firewalld instead.

    I would like to hear a staff memebers take on that particular documentation, as in my opinion it is misleading at best and dangerous at worst. Seeing as CSF simply manages and creates iptables rules (for the most part), the documentation also seems contradictory (especially with cphulk now blocking IPs in the system firewall).
     
    #3 quizknows, Jul 11, 2015
    Last edited: Jul 11, 2015
    sarhosting likes this.
  4. sarhosting

    sarhosting Well-Known Member

    Joined:
    Oct 1, 2007
    Messages:
    164
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    Twitter:
    When you are installing software on your PC, you are often told to disable your antivirus software to prevent issues during the install. The document you mentioned is basically telling you the same thing. Disable the function for your install then later activate once the task is complete. If you are not doing any install/updates, leave the setting as it is so that continue to protect the server.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,698
    Likes Received:
    657
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The document you referenced is suggesting you disable your firewall for the cPanel installation itself. However, post-installation, it mentions this:

    Thank you.
     
  6. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    This is terribly contradictory though. CSF simply configures IPtables (the system firewall), so leaving that disabled is literally impossible if you follow that recommendation. Someone should review that document for clarity sake.

    I don't understand how the docs can say "For cPanel & WHM to run on your web server, the OS firewall must remain disabled" when cphulk itself has an option to block IPs in the system firewall (iptables).
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,698
    Likes Received:
    657
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The statement is found under the "Troubleshoot an Installation" part of the documentation so the expectation is that users reaching this page are having trouble with the installation. The following statement is referring to the installation of cPanel:

    It's likely better written as:

    It's true that firewall rules are added by certain cPanel features (e.g. SMTP Tweak, cPHulk). However, this article is designed to help prevent the number of users that complain of trouble accessing cPanel/WHM after the initial installation. Is there any specific addition or clarifications to this article you feel would help?

    Thank you.
     
  8. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    The point is it's 100% false. Even the wording "For cPanel & WHM to run on your web server, the OS firewall must remain disabled while cPanel is installed." is completely wrong. Perhaps you mean "during the installation?" Otherwise, how could cphulk add firewall rules to the system firewall if it's disabled? How would SMTP tweak work at all? Even CSF is just a front-end for IPtables. If anything, disabling the system firewall would hurt more than help and is not sound advice.

    Sorry if I sound angry here (I'm not), it's just misleading and basically wrong. Worst case it should say something like "If you have issues while installing, make sure the appropriate TCP ports are open. If you still encounter issues, ensure that you disable any firewall management utilities like APF or CSF, and then flush iptables so that cPanel can start with an empty iptables rule set before proceeding."
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,698
    Likes Received:
    657
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  10. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Looks much better, thank you :)
     
Loading...

Share This Page