I got completely screwed over by trying to install CSF; it's destroyed my firewall tables and locked me out. I need to know how I can edit firewall rules manually in rescue mode to add the custom ports my server's webmin/ssh are running on.
Detailed what happened:
Tried to install CSF, but it threw errors after install when using the Perl script to check, which left me without a firewall.
Tried to run the uninstall script, but it just wouldn't run, so I rebooted the server; only then would the CSF uninstall script run.
This still left me without any webmin firewall options to use! So I rebooted again hoping the webmin settings I had before would just be used. Nope! This was a major mistake. Complete SSH/Webmin lockout.
Ports 80/443 are working and the website is up, but I can't SSH/access webmin via the port I set or the default 10000; I changed the ports before for security.
I don't have any other firewall in use.
I use an OVH VPS.
Luckily OVH has a rescue OS that you can boot into and mount the disk. I found /etc/iptables.up.rules, to which I added my webmin port and ssh port; I also edited the SSHD config to change the ssh port back to 22 and rebooted the server, but no dice.
I can only assume that this is not where the firewall rules are kept, and I can't find it out from all my googling!
Not sure what happened when I rebooted after uninstalling CSF, but it's left me completely locked out.
Have you looked through the system logs while in “rescue”? Also make sure you are actually connected to the VPS from “rescue”, as you’ll likely start in the “rescue” shell rather than the VPS’… Yes, I know this may sound confusing, and when I have a bit more time I’d be happy to elaborate.
Basically, when you are actually editing the filesystem of the “VPS”, you can run the command “iptables -L”…
If you are seeing rules, you likely still have the firewall on… Also you can run “systemctl status csf” and/or “systemctl status iptables” to see whether they are running… If either is running, issue “systemctl stop iptables” and/or “systemctl stop csf” followed by “systemctl disable iptables” and/or “systemctl disable csf” to turn them off, and “disable” them until you’ve fixed the underlying problem.
Now restart the VPS in regular mode, and see if you can gain access.
If you are still struggling, and no one else has filled in the blanks, feel free to request a professional consult with me at: https://tpnassist.com
*** I’ll be available for such consult this evening – I’m on the west coast ***
Hopefully you’ve fixed this, but if not, and if you only have a mounted filesystem and can’t chroot to it then you can still sort this out.
Look in /etc/systemd/system/multi-user.wants
In there you’ll find links to each of the services that’ll start. Just drop the links to the ones you don’t want, then reboot. This shouldn’t break anything, since these are just links that are made with systemctl enable xxxx
It may be worth dropping fail2ban as well, just in case it’s doing something screwy.
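As an added example (not posted by anyone in this thread): helper functions for a rescue-OS session where the VPS filesystem is mounted (assumed at /mnt) and no chroot is possible. They list which firewall-related units are enabled via the symlinks under /etc/systemd/system/multi-user.target.wants (the path systemd actually uses for multi-user.target), remove one link the way systemctl disable would, and check whether an iptables-save style file such as /etc/iptables.up.rules accepts TCP on a given port. The unit names and port numbers are assumptions.

```shell
#!/bin/sh
# Offline inspection of a VPS filesystem mounted at $1 (e.g. /mnt) from a
# rescue OS, without chroot. Hypothetical helpers, not from the thread.

# List firewall-related units enabled for multi-user.target. "systemctl enable"
# creates these symlinks and "systemctl disable" removes them, so removing a
# link by hand is the offline equivalent.
enabled_firewall_units() {
    root=$1
    wants="$root/etc/systemd/system/multi-user.target.wants"
    [ -d "$wants" ] || return 0
    for link in "$wants"/*; do
        [ -L "$link" ] || continue          # skips the literal glob on empty dirs
        unit=$(basename "$link")
        case "$unit" in
            csf.service|lfd.service|iptables.service|ufw.service|firewalld.service|fail2ban.service)
                echo "$unit" ;;
        esac
    done
}

# Offline "systemctl disable": remove the enable symlink for one unit.
# Refuses anything that is not a symlink, so a real unit file is never deleted.
disable_unit_offline() {
    link="$1/etc/systemd/system/multi-user.target.wants/$2"
    [ -L "$link" ] || return 1
    rm "$link"
}

# Check whether an iptables-save style rules file has an INPUT rule accepting
# TCP on $2. Prints "open" or "closed". Only single --dport rules are matched;
# multiport (--dports 22,80) or ipset rules would need extra handling.
port_in_saved_rules() {
    rules=$1; port=$2
    if grep -Eq -- "-A INPUT .*-p tcp .*--dport $port( .*)? -j ACCEPT" "$rules"; then
        echo open
    else
        echo closed
    fi
}

# Typical session, with the VPS disk mounted at /mnt:
#   enabled_firewall_units /mnt
#   port_in_saved_rules /mnt/etc/iptables.up.rules 22
#   disable_unit_offline /mnt csf.service
```

Run it from the rescue shell after mounting the VPS disk; nothing here starts or stops services, it only edits the enable links and reads the saved rules, so the change takes effect at the next normal boot.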
Luckily, I found a solution to get me back in: OVH offers a KVM for VPS (thank god), which allowed me to log in as my user and open the ports I needed for SSH & Webmin in UFW. I think UFW was installed when I first set up the box years ago, and somehow it had defaulted back to this by not having a firewall present in Virtualmin/Webmin!
What I need to know now is how do I set the firewall back to the one in Virtualmin/Webmin?
Under unused modules I see “Linux Firewall”, which still has all my old rules.
Or should I change to FirewallD? I'm not sure which one is better to use?
How do I set up a default firewall via the Webmin/Virtualmin web UI to manage it from this web UI again?
How do I get that module back showing in the main menu and not under the unused modules?
Looks like fail2ban was disabled too. Can I just start this, or will this require more setup to get working again?