Can't modify firewall

JL Griffin 9 years ago updated by Lexy 9 years ago 15
Ever since the last update, the firewall has been screwy. I lost everything, nothing was going through including port 8000. I had to get someone from the datacenter to go into my server locally and open the SSH port again. Once he did that I was able to get everything up and running again, but since then it has been a nightmare. Nothing seems to work. Configurations overwrite themselves. Saving iptables rules doesn't stick. As soon as I save and close and reopen, the changes have been reverted (even using vim on the command line). I would take ownership of the file and stop it from being modified, but then fail2ban can't operate properly...

Every time I click the firewall tab I get this:

Crashed
u'fail2ban-courierauth'
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/ajenti/plugins/main/main.py", line 158, in handle_message
    self.ui.dispatch_event(update['uid'], update['event'], update['params'])
  File "/usr/lib/pymodules/python2.7/ajenti/ui/__init__.py", line 72, in dispatch_event
    self.root.dispatch_event(uid, event, params)
  File "/usr/lib/pymodules/python2.7/ajenti/ui/element.py", line 382, in dispatch_event
    if child.dispatch_event(uid, event, params):
  File "/usr/lib/pymodules/python2.7/ajenti/ui/element.py", line 378, in dispatch_event
    self.event(event, params)
  File "/usr/lib/pymodules/python2.7/ajenti/ui/element.py", line 402, in event
    getattr(self, 'on_%s' % self_event)(**(params or {}))
  File "/usr/lib/pymodules/python2.7/ajenti/plugins/main/main.py", line 381, in on_switch
    child.broadcast('on_page_load')
  File "/usr/lib/pymodules/python2.7/ajenti/ui/element.py", line 356, in broadcast
    getattr(self, method)(*args, **kwargs)
  File "/usr/lib/pymodules/python2.7/ajenti/plugins/iptables/main.py", line 149, in on_page_load
    self.config.load()
  File "/usr/lib/pymodules/python2.7/reconfigure/configs/base.py", line 46, in load
    self.nodetree = self.parser.parse(self.content)
  File "/usr/lib/pymodules/python2.7/reconfigure/parsers/iptables.py", line 37, in parse
    chains[chain].append(node)
KeyError: u'fail2ban-courierauth'
Here's the problem: Fail2Ban isn't running. I was having so many issues with the firewall I decided not to further complicate it with Fail2Ban, so I set all sections to false in Fail2Ban and yet I still get this.

What the heck is going on and when can we expect to see it fixed?
OK, honestly, has support for Ajenti just up and died? Nothing gets replied to anymore, no help on anything. Every problem I've had lately I've had to figure out by futzing with things, rather than getting actual support from anyone. This may be even more frustrating than the actual bugs! What gives!?
I can't help you with Ubuntu,
but you should check the fail2ban and fail2ban-courierauth services,
fix them and restart them, then restart the firewall, then Ajenti.
Sorry for my bad English.
It's OK. If English is not your first language then you are doing very well. I wouldn't have known.

I did what you said though. All fail2ban services have been turned off. I actually removed the services completely. Purged fail2ban from the system, still no change. If I click continue, then click load current state, I can work in it without error. Saving changes causes a crash again, and if I click load current state then all works properly until I need to make another change. The 2 lines for fail2ban exim4 and courier will not remove from the config. I delete them, save changes, restart ufw, and the 2 lines are injected back in again. I tried write-protecting the config file, but that made ufw unable to start.
No, please don't disable or delete the service manually.
Never change the config manually, because Ajenti will overwrite it.
I looked into your error log, there is nothing wrong with the firewall, you should fix fail2ban.
Install fail2ban correctly, and restart the fail2ban, firewall and Ajenti services,
then click on the firewall tab. If you get the error again, tell me.

Sorry for my bad English, be happy.
What choice did I have? I couldn't do anything! No web traffic, no mail traffic, no FTP traffic. The only way I could get SSH was to have someone at the VPS datacenter locally access the VPS, open the port and change permissions on the file so Ajenti couldn't muck it up again. Even the terminal in the Ajenti panel wouldn't work. I finally managed to get most everything working, but the mail system wouldn't send nor receive mail until I purged fail2ban off the system. I have clients who need the mail service daily and I was almost 3 days with no mail. I had no choice but to purge it manually, and why shouldn't I be able to manually manage my server? The whole focus of Ajenti is supposed to be an assistance tool, not a takeover. It specifically says "Doesn't Screw Up Your System. Ajenti won't damage your existing configuration or tell you how to do your job. Preserves config structure and comments." Except this is obviously not the case.
And there was nothing wrong with fail2ban either. The configs had everything completely shut off. Everything disabled, and now it's completely gone off the system, yet I still have this issue. And this setup worked flawlessly for months until the last update happened. UFW & iptables were updated in the Ubuntu repos and everything has been screwed up since then.
If I were you,
I would disable and remove iptables, the firewall and fail2ban, and reboot the server.
I have experience with all control panels, for example ISPConfig, cPanel, ...
All of them have issues with the firewall and iptables.

But if you need the firewall and iptables and can't live without them, you should install fail2ban.
I told you earlier, the only way: install fail2ban, install the firewall, and restart everything.
If fail2ban works fine, you will never get the error again.
Try just installing and configuring fail2ban correctly, not removing it.

Sorry for my bad English, be happy.
+1
I've used a ton of panels as well. I can't stand cPanel, but I have extensive experience with ZPanel and ISPConfig. I always set up a firewall with fail2ban behind them because it's a useful tool for finding out where abuse is occurring and thwarting minor attacks. I've never had an issue quite like this. The firewall itself works just fine as long as I don't access it in the panel. Now if this was my physical datacenter I'd just use a minimal firewall config and use a pfSense box in front of the server(s) to thwart off major attacks and abuse. I unfortunately do not have that option since I'm running a VPS at a datacenter I have no control over.

I'll try removing the firewall as well and then reinstall ufw and iptables and fail2ban and see if that fixes the issue.
Is your problem solved?
Somewhat. At least now I can get to the firewall tab without error, however I still cannot dump those lines from the configuration. This is absolutely the most frustrating issue I've had. Everything else on the panel is phenomenal, and this was just fine until whatever happened.

I'm glad to hear you can get to the firewall without error, but if you can fix the issue, please tell me how to do it.
Thanks, be well.
Will do. Thank you for your help on the issue. It's very frustrating when you post and no one replies, so it is nice to have someone reply!

It's my honor to help you.
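
An added example, not part of the thread and not Ajenti or reconfigure code: the traceback above ends in `chains[chain].append(node)` raising `KeyError: u'fail2ban-courierauth'`, which is consistent with a rules file that still holds a rule for a chain that is no longer declared in its table. Assuming the file is in iptables-save format, this checker lists such leftover rules; the function name, the sample text and the second chain name are constructed for illustration.

```python
import re

# Constructed sample in iptables-save format (not taken from the thread).
# "fail2ban-courierauth" is the chain named in the traceback; "fail2ban-example"
# is a made-up second leftover chain.
SAMPLE = """\
# constructed example
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ufw-user-input - [0:0]
-A INPUT -j ufw-user-input
-A ufw-user-input -p tcp --dport 22 -j ACCEPT
-A fail2ban-courierauth -j RETURN
[0:0] -A fail2ban-example -j RETURN
COMMIT
"""

# "iptables-save -c" prefixes each rule with packet/byte counters.
COUNTERS = re.compile(r"^\[\d+:\d+\]\s*")


def find_orphan_rules(text):
    """Return (line_no, table, chain) for every rule whose chain is not
    declared with a ':chain' line in the same table."""
    orphans = []
    table, declared = None, set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = COUNTERS.sub("", raw.strip())
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):            # new table: chain names are per table
            table, declared = line[1:].strip(), set()
        elif line.startswith(":"):          # chain declaration
            parts = line[1:].split()
            if parts:
                declared.add(parts[0])
        elif line == "COMMIT":              # end of the current table
            table, declared = None, set()
        elif line.startswith("-"):
            tokens = line.split()
            if len(tokens) >= 2 and tokens[0] in ("-A", "-I"):
                if tokens[1] not in declared:
                    orphans.append((no, table, tokens[1]))
    return orphans


if __name__ == "__main__":
    for no, table, chain in find_orphan_rules(SAMPLE):
        print(f"line {no}: table {table!r}: rule for undeclared chain {chain!r}")
```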