[Spce-user] Firewall and network updates not working right

Jiri Ptacnik ptakjura at gmail.com
Mon Feb 20 05:03:16 EST 2023 

Thanks Michael,

yes, rule is present in /etc/iptables/rules.v4 but port is still not open

it is the same for another rules I am trying.. for example I remove
default web_int rule and try to add my own rule for port 1443 and same
as example before - in rules.v4 it is presented, but port not opened

Yes, I can use predefined web_int and so on and this is working, but I
would like rather to have it specified myself with source IP limited
and so on...

I am planing to upgrade, but I had plan firstly solve this problems.

Jiri

po 20. 2. 2023 v 10:42 odesílatel Michael Prokop via Spce-user
<spce-user at lists.sipwise.com> napsal:
>
> Hi,
>
> * Jiri Ptacnik [Sat Feb 18, 2023 at 07:21:19PM +0100]:
>
> > 1) SPCE is bitching about second DNS, so I added second nameserver to
> > network.yml.
>
> > neth0:
> >       dns_nameservers:
> >       - 8.8.8.8 8.8.4.4
> >
> > ngcpcfg apply... reboot, stil bitching
>
> I assume you still have only one nameserver present in your
> /etc/resolv.conf, so this seems to be about /etc/network/interfaces
> vs /etc/resolv.conf. If you install the resolvconf package the
> dns-nameservers configuration present in /etc/network/interfaces
> should get honored.
>
> (On PRO systems we manage the /etc/resolv.conf file via ngcpcfg
> templates, we'll look into whether we could also support this on CE,
> reported internall as MT#56701.)
>
> > 2) in config.yml firewall turned on and added this line
> >
> > rules4:
> >     - -A INPUT -p tcp --dport 22 -s 1.2.3.4  -j ACCEPT
> >
> > ngcpfcfg apply
> > iptables-apply
> > reboot
> >
> > this rule is in iptables rules, seems ok, on ahother server this
> > works, but not working here
>
> What does "not working here" mean exactly? Is the rule present in
> /etc/iptables/rules.v4? Is it listed in "iptables -L -v -n"?
>
> > what the hell i am missing?
>
> Please pay attention to your wording, there's no need for such
> offensive style (bitching, hell,..).
>
> > SPCE 9.5.3
>
> FYI: this version isn't supported since around March 2022, you
> should consider upgrading to a more recent and supported
> release/build.
>
> regards
> -mika-
>
> --
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> http://lists.sipwise.com/mailman/listinfo/spce-user_lists.sipwise.com

More information about the Spce-user mailing list