firewall (iptables) issue

ethan_m

Hi there
I have a DirectAdmin server running on a CentOS 7 machine. It has been running for years.
We have our own firewall on the network, so we don't need the Linux firewall anymore, but I faced some problems while deactivating iptables.

I deactivated iptables using "service iptables stop" or "systemctl stop iptables" and "systemctl disable iptables"; nothing happened and I still wasn't able to ping the server from outside.
Then I ran "iptables -F" and right after that, the server was inaccessible. Neither the site nor SSH was accessible after that, and I had to connect using VNC.

I'm looking forward to an easy way to get rid of any kind of firewall on the Linux machine, and I want all ports and protocols to remain open.

Please help me do this.

Thanks
 
The first part is a good part, to stop iptables, but you probably did not flush the firewall before.
Which could still leave some parts or create the block.

Nowadays DA is installed with CSF, which is creating the iptables lines.

To disable all iptables and csf/lfd firewall activity you could try using the following procedure, meant for RH-like systems (CentOS, Alma, Rocky).

First stop the CSF service from within DA.
Second, disable the csf/lfd firewall by logging in via SSH and using the csf -x command.
Then disable both the iptables, ip6tables and csf/lfd services so they won't start again at boot.


Doublecheck if they are disabled at boot.
service csf status
service lfd status
service iptables status
service ip6tables status

If all indeed are disabled at boot then remove lfd=ON from:
/usr/local/directadmin/data/admin/service.status
so DA won't start it again either.

After that, check your /etc/sysconfig directory. You will probably find an iptables-config and iptables6-config file in there.
Be sure they do not contain anything which activates anything. However, it should not do any harm if the services are disabled.

Doublecheck again:
iptables -L

You only should get 3 parts, INPUT, FORWARD and OUTPUT and all 3 should say "Policy ACCEPT" and then you should be fine.
Reboot and doublecheck again; if it's the same, then you're fine.
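
The final check described in the reply above, as an added example that is not part of the original post: a small shell function that reads `iptables -S` output and reports any chain policy other than ACCEPT and any leftover rules or chains. The sample inputs are constructed, and the "policies were DROP" state is an assumed cause of a lockout after `iptables -F` (a flush removes rules but does not reset policies), not something the thread confirms.

```shell
#!/bin/sh
# Added example: reads `iptables -S` output on stdin and reports whether the
# filter table is fully open (every built-in policy ACCEPT, nothing left over).
# Returns 0 when open, 1 when something can still block traffic.
check_ruleset() {
    awk '
        $1 == "-P" { policy[$2] = $3; next }   # built-in chain policy
        $1 == "-N" { user[$2] = 1; next }      # user-defined chain from a firewall front end
        $1 == "-A" { rules[$2]++ }             # a rule appended to a chain
        END {
            bad = 0
            for (c in policy) if (policy[c] != "ACCEPT") {
                printf "BLOCKING: chain %s has policy %s\n", c, policy[c]; bad = 1
            }
            for (c in rules) { printf "LEFTOVER: %d rule(s) in chain %s\n", rules[c], c; bad = 1 }
            for (c in user)  { printf "LEFTOVER: user-defined chain %s\n", c; bad = 1 }
            if (!bad) print "OPEN: all policies ACCEPT, no rules"
            exit bad
        }'
}

# Constructed sample: state after `iptables -F` when the policies were DROP.
# The flush removed the rules that allowed SSH/HTTP, but the DROP policies stay.
sample_after_flush() {
    printf '%s\n' '-P INPUT DROP' '-P FORWARD DROP' '-P OUTPUT ACCEPT'
}

# Constructed sample: the state the reply describes as fine.
sample_open() {
    printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT'
}

# Demonstration on the constructed samples.
sample_after_flush | check_ruleset || true
sample_open | check_ruleset

# On a live host (as root), check both address families:
#   iptables -S | check_ruleset; ip6tables -S | check_ruleset
```

Running it before and after a reboot covers the "reboot and doublecheck" step; a non-zero exit status means something is still filtering.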
 
Thank you Richard G for the complete explanation. (y)
I'll give it a go tomorrow.
 