vps firewall configuration

[btimms]

When aura was restored a couple of weeks back the virtuozzo firewall iptables were blocking outgoing SMTP connections - which JPC has fixed. As a result, and also trying to learn something, I've tried changing the 3 settings in the virtuozzo firewall control panel (normal, default accept, and default drop) and testing if I could access webmail. The only way accessing webmail works is "default accept" - I guess I don't understand why the "normal" setting doesn't allow simple webmail access. I've read through virtuozzo firewall chapter and its not very clear to me. Does anyone have any pointers or suggestions on setting this up? And, what about a different firewall like CSF that has a WHM configuration interface. In reading about CSF and its rulesets - their terminology is much more understandable to me than Virtuozzo.

Any suggestions or comments appreciated.

[jason]

OK, here's a complete guess, but from the sounds of things "normal" is a default setting for IPTables. Since webmail usually runs on ports that are not in the range of what's considered "well known ports" (things like SSH, FTP, HTTP, etc.) then the normal settings for the webmail ports (in general on a non-cpanel server) is probably "block."

--Jason

[btimms]

Good suggestion. In "normal" mode I can access ftp, ssh, and http. But not, IMAP, SMTP, or cPanel. I do think its very possible that this is still a ports issue.

[jason]

For best results you should probably explicitly allow or deny everything according to how you want your site configured and not rely on "normal" settings. If a normal setting changes it could cause problems that may not be immeadiately noticable.

--Jason

[btimms]

The "normal" settings are pretty much unusable in my estimation. So, as you suggest, I will allow/deny individual rules as needed. Thanks.

[thisisit3]

You can enable "normal" settings and add any extra ports you want by hand.