**Rules file /etc/iptables.up.rules**
**External managed rules detected. Activate "Directly edit firewall rules" or your firewall rules may break.**
**Warning!** It appears that FirewallD is being used to generate your system's firewall. Maybe you should use the FirewallD module instead.
**WARNING! Your current IPtables configuration is invalid : iptables-restore v1.8.2 (nf_tables): Set f2b-proftpd doesn't exist. Error occurred at line: 45**
OK, so clicking on FirewallD:
### Failed to list zones : Error: INVALID_ZONE
So, as per FirewallD - Invalid Zones - #8 by vminbeginner, I activated buster backports, uninstalled iptables, and reinstalled iptables, and still had a problem. So I installed firewalld hoping I could get things to work but that didn’t help either.
So I `apt purge iptables` and `apt purge firewalld` and `apt install firewalld` but that ended up with error messages like:
```
ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.2 (nf_tables):
line 4: RULE_REPLACE failed (No such file or directory): rule in chain INPUT
line 4: RULE_REPLACE failed (No such file or directory): rule in chain OUTPUT
```
but at least then I found this:
Which said to edit `/etc/firewalld/firewalld.conf` and change `IndividualCalls=no` to `IndividualCalls=yes`.
When I did that, at least firewalld seemed to be running without any status errors.
Hopefully I’ve not ended up with a damaged system.
UPDATE: Yep. Damaged. I had to reload from backup.
It would appear Debian 10 has a firewall problem that Virtualmin hasn’t been able to correct.
Is there some “howto” for getting Debian 10 and a firewall to work and play well together under Virtualmin?
Hello jabowery,
The Ubertus team faced the same challenge. To resolve this, we use both nftables and firewalld from the Backport for Debian 10 Buster.
Below are detailed steps & info, if those are of interest.
1. Back up everything. This is optional, but recommended in the unlikely event that the following does not work.
2. Install nftables from the Debian Buster Backport repository, so that you get a more recent version.
3. Install firewalld from the Debian Buster Backport repository, so that you get a more recent version.
4. Adapt your Fail2Ban configurations appropriately for nftables. For example, but not limited to, using the Webmin Fail2Ban page, adapt its “Default action to apply” for nftables: for example, nftables-multiport instead of iptables-multiport.
5. If fail2ban is not a fresh installation, it might need a few of its cycles to adapt itself.
6. If the above fails, try the same steps but fully remove fail2ban, then reinstall a fresh new fail2ban.
7. Done. You have successfully resolved the challenge with fail2ban & iptables. Enjoy.
Attribution to the Ubertus SysAdmin team & DevOps team for those steps
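
The Fail2Ban step in the reply above, as an added example that is not part of the thread or the Ubertus team's own material: a shell audit that finds ban actions in a jail file that still target iptables and prints the file with the nftables equivalents. It goes slightly beyond the reply by also covering `banaction_allports` / `nftables-allports` (stock fail2ban names not mentioned in the thread); the function names and the sample jail.local are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit fail2ban jail files for ban
# actions that still use iptables and propose the nftables equivalents.

# List "file:line:setting" for each active (uncommented) banaction that
# names an iptables-* action. Prints nothing when the files are clean.
f2b_iptables_actions() {
    grep -HnE '^[[:space:]]*banaction(_allports)?[[:space:]]*=[[:space:]]*iptables' "$@" || true
}

# Print the file with the two stock iptables actions swapped for their
# nftables counterparts. Any other iptables-* action is left untouched so
# that f2b_iptables_actions still reports it for manual review.
f2b_to_nftables() {
    sed -E \
        -e 's/^([[:space:]]*banaction[[:space:]]*=[[:space:]]*)iptables-multiport[[:space:]]*$/\1nftables-multiport/' \
        -e 's/^([[:space:]]*banaction_allports[[:space:]]*=[[:space:]]*)iptables-allports[[:space:]]*$/\1nftables-allports/' \
        "$1"
}

# Constructed sample of a jail.local, for demonstration only.
sample_jail_local() {
    cat <<'EOF'
[DEFAULT]
# banaction = iptables-ipset-proto6
banaction = iptables-multiport
banaction_allports = iptables-allports

[proftpd]
enabled = true
EOF
}

# Demo: run the audit and the rewrite against the constructed sample.
demo() {
    tmp=$(mktemp) || return 1
    sample_jail_local > "$tmp"
    echo "iptables-based actions found:"
    f2b_iptables_actions "$tmp"
    echo "proposed jail.local:"
    f2b_to_nftables "$tmp"
    rm -f "$tmp"
}
demo
```

On a real system, point `f2b_iptables_actions` at the jail files fail2ban actually reads (the path `/etc/fail2ban/jail.local` is an assumption here) and review the proposed output before replacing anything.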