I think I have searched everything related, but I could not find it.
I have an external VPS running ClearOS Standalone. I want to close port 81 because I can access the box with SSH or VPN.
In the firewall configuration webconfig port 81 is dimmed, so I can't change it there.
After deleting the rule in /etc/clearos/firewall.conf, the rule is created again.
Does anyone have the trick?
Responses (4)
-
Accepted Answer
Pasquale Mari wrote:
But if you're running in the cloud, I would have thought you should be using Standalone mode and not "Standalone - no firewall", in which case port 82 is closed anyway, or have I missed something?
I apologise for starting this thread again, but if the webproxy service is enabled and activated, you must also close port 82 because there is the possibility of accessing the management access page via http.
Ex. http://[EXTERNAL IP]:82/app/base/session/login/
So you could modify the rule like this:
$IPTABLES -I INPUT 1 -p tcp -i [interface] --match multiport --dports 81,82 -j DROP
-
Accepted Answer
Thanks Nick,
Later (after I posted this question) I found this in /usr/clearos/apps/incoming_firewall/views/allow/summary.php:
    // Special case - don't allow users to lock themselves out of webconfig
    // - standalone mode
    // - remote
    if (($rule['protocol'] == Firewall::PROTOCOL_TCP) && ($rule['port'] == 81)
        && ($mode === Network::MODE_STANDALONE)) {
        $options['state'] = FALSE;
    } else {
        $options['state'] = TRUE;
    }
My hope for an elegant solution through webconfig disappeared because this is hardcoded.
Thanks again for your solution (why didn't I think of that) and I am going to try it.
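An added example, not part of any post above and not ClearOS code: a shell check that reads `iptables -S INPUT` output and confirms the first rule matching ports 81 and 82 on the external interface is the DROP inserted at position 1, rather than the ACCEPT that webconfig keeps re-creating. The function names `first_verdict` and `exposed_ports`, the interface name `eth0` and both sample rule sets are constructed for illustration.

```sh
# Added example, not ClearOS code. Reads `iptables -S INPUT` output on stdin.
# Simplifications: only rules naming a TCP destination port are evaluated; "!" is not handled.

# first_verdict IFACE PORT -> target of the first matching rule, else the chain policy
first_verdict() {
    awk -v ifc="$1" -v port="$2" '
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; in_if = ""; ports = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "-i") in_if = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (proto != "tcp" || ports == "" || target == "") next
        if (in_if != "" && in_if != ifc) next   # bound to another interface
        n = split(ports, list, ",")
        for (k = 1; k <= n; k++) {
            m = split(list[k], r, ":")           # single port or LOW:HIGH
            lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
            if (port + 0 >= lo && port + 0 <= hi) { print target; found = 1; exit }
        }
    }
    END { if (!found) print (policy == "" ? "NONE" : policy) }'
}

# exposed_ports IFACE PORT... -> ports whose first verdict is not DROP/REJECT
exposed_ports() {
    ifc="$1"; shift
    rules=$(cat)
    out=""
    for p in "$@"; do
        v=$(printf '%s\n' "$rules" | first_verdict "$ifc" "$p")
        case "$v" in DROP|REJECT) ;; *) out="$out$p " ;; esac
    done
    printf '%s' "${out% }"
}

# Constructed sample rule sets; eth0 stands in for [interface].
BEFORE='-P INPUT DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 81 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 82 -j ACCEPT'
AFTER='-P INPUT DROP
-A INPUT -i eth0 -p tcp -m multiport --dports 81,82 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 81 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 82 -j ACCEPT'
# Live use (as root): iptables -S INPUT | exposed_ports eth0 81 82
```

Empty output means both ports hit a DROP or REJECT before any ACCEPT; re-run it after a firewall restart to confirm the rule was re-applied.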