
Firewall

Terminology

The firewall wizard lets you apply iptables rules from the panel itself.

Note
By default the firewall is disabled on the panel. Once you enable it from the panel, Virtualizor applies the default rules that the panel needs and sets the INPUT chain policy to DROP.
It is not advisable to manage the firewall rules yourself after enabling this option on the panel.
The service can still be managed from the CLI under the service name virtfirewall:

systemctl status virtfirewall.service


Note
Please make sure you do not add the following ports to the BLOCK list: 4081-4085. We also use the following ports for VNC, so make sure you do not add them to the BLOCK list either: 5900-6000.

Test Mode: By default testing mode is on, but the testing interval only starts after starting/restarting the firewall from the panel. Once the testing interval has started, after the stipulated time we flush the rules and apply the default rules that Virtualizor needs.

Firewall Enable: This starts the Virtfirewall service; after starting the firewall we reapply all the rules that are in the config.

Firewall Restart: This restarts the Virtfirewall service; after restarting the firewall we reapply all the rules that are in the config.

Firewall Disable: This stops the Virtfirewall service; stopping the firewall flushes the rules and sets the INPUT chain policy to ACCEPT.

Set Testing Interval: This sets the testing interval after which we reset the rules.

Factory Reset: This reapplies the default rules that Virtualizor needs.

Firewall Version: This shows you the iptables version.

View Iptables Rules: This fetches the rules that are applied on the server.

Block Port: Specify the ports you want to block. For multiple ports provide them comma separated; for a range of ports specify it like 300-310 or 300:320.

Allow Port: Specify the ports you want to allow. For multiple ports provide them comma separated; for a range of ports specify it like 300-310 or 300:320.

Block IP Address: Specify the IPs you want to block; for multiple IPs provide them comma separated.

Allow IP Address: Specify the IPs you want to allow; for multiple IPs provide them comma separated.

Block IP Address With Port: Block an IP address on a specific port using this option.

Allow IP Address With Port: Allow an IP address on a specific port using this option.

Search IP: Search for rules that contain the specified IP.
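The port syntax accepted by Block Port / Allow Port and the reserved ranges from the Note above, worked through as an added shell example (this is not Virtualizor's own code): it normalizes a comma-separated port specification, refuses any item that overlaps the panel range 4081-4085 or the VNC range 5900-6000, and prints the iptables commands a Block Port entry would correspond to. The VIRT_INPUT chain name comes from the Default Rules section on this page; the exact rule form the panel generates, and the -j DROP target, are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not Virtualizor's code. Validates a port specification in the
# wizard's accepted forms ("300-310", "300:320", "22,80,443") against the
# ranges the Note reserves for the panel (4081-4085) and VNC (5900-6000),
# and prints the iptables commands a Block Port entry would turn into.
# VIRT_INPUT is the chain used in the page's Default Rules; the rule shape
# and the DROP target are assumptions.

RESERVED="4081:4085 5900:6000"

# ranges_overlap LO1 HI1 LO2 HI2 -> succeeds if the two ranges share a port
ranges_overlap() {
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# normalize_port_spec "300-310" -> "300:310"; a single port "80" -> "80:80".
# Fails for non-numeric input, ports outside 1-65535, or a reversed range.
normalize_port_spec() {
    spec=$(printf '%s' "$1" | sed 's/-/:/g')
    case "$spec" in
        *:*) lo=${spec%%:*}; hi=${spec#*:} ;;
        *)   lo=$spec; hi=$spec ;;
    esac
    case "$lo" in ''|*[!0-9]*) return 1 ;; esac
    case "$hi" in ''|*[!0-9]*) return 1 ;; esac
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ] || return 1
    printf '%s:%s\n' "$lo" "$hi"
}

# block_port_cmds "300-310,22" -> prints one DROP rule per item on stdout.
# Returns 1 and prints nothing on stdout if any item is malformed or overlaps
# a reserved range, so a bad list never produces a partial set of rules.
block_port_cmds() {
    out=""
    for item in $(printf '%s' "$1" | tr ',' ' '); do
        range=$(normalize_port_spec "$item") || {
            echo "bad port spec: $item" >&2
            return 1
        }
        lo=${range%%:*}; hi=${range#*:}
        for r in $RESERVED; do
            if ranges_overlap "$lo" "$hi" "${r%%:*}" "${r#*:}"; then
                echo "refusing to block $item: overlaps reserved range $r" >&2
                return 1
            fi
        done
        # iptables accepts "lo:hi" for a range and a bare number for one port
        dport=$lo
        if [ "$lo" != "$hi" ]; then dport="$lo:$hi"; fi
        out="$out/sbin/iptables -A VIRT_INPUT -p tcp -m tcp --dport $dport -j DROP
"
    done
    printf '%s' "$out"
}

# Usage: print the commands for a constructed Block Port entry (nothing is
# applied; the output is only displayed so it can be reviewed first).
block_port_cmds '300-310,8080'
```

The function only prints commands rather than running them, so the output can be reviewed before anything touches the live ruleset, which matters on a host where a wrong DROP on 4081-4085 would lock the panel out of its own node.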


Default Rules

The following are the iptables rules that Virtualizor requires.

/sbin/iptables -I VIRT_INPUT 1 -p tcp -m tcp --dport 4081:4085 -j ACCEPT
/sbin/iptables -I VIRT_INPUT 2 -p tcp -m tcp --dport 5900:7000 -j ACCEPT
/sbin/iptables -I VIRT_INPUT -p tcp -m multiport --dport 25,80,443,587 -j ACCEPT
/sbin/iptables -I VIRT_INPUT -p tcp -m multiport --dport 8443,2087,2086,10000 -j ACCEPT
/sbin/iptables -A VIRT_INPUT -i lo -j ACCEPT
/sbin/iptables -A VIRT_INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A VIRT_OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
/sbin/iptables -A VIRT_INPUT -p icmp --icmp-type echo-reply -j ACCEPT
/sbin/iptables -A VIRT_INPUT -p icmp --icmp-type echo-request -j ACCEPT
/sbin/iptables -A VIRT_OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

We also add the domain forwarding ports to the iptables rules.
