Webmin's Linux-Firewall will not 'Activate at Boot' inside a Virtuozzo/OpenVZ VPS when running on Debian Lenny. I was surprised to find out that my firewall had disappeared even after setting it in Webmin to start automatically during reboot. This has changed from Debian 4 to Debian 5, and may apply to other distros.
The setting will be lost after reboot due to interference from Virtuozzo/OpenVZ. The setting is recorded inside the file /etc/network/interfaces (as marked):
# This configuration file is auto-generated.
# WARNING: Do not edit this file, otherwise your changes will be lost.
# Please edit template /etc/network/interfaces.template instead.
auto lo
iface lo inet loopback
address 127.0.0.1
netmask 255.0.0.0
broadcast 127.255.255.255
up ip route replace 127.0.0.0/8 dev lo
post-up iptables-restore < /etc/iptables.up.rules
# Auto generated venet0 interfaces
auto venet0
...
In Virtuozzo/OpenVZ, the file is overwritten at each reboot, as documented here: http://wiki.vpslink.com/Differences_between_Virtual_Private_Servers_and_Dedicated_Servers
Webmin does not take this into account, as it has no awareness of the VPS environment. As a result the Webmin setting cannot be used inside the VPS. A workaround is to manually append the setting to /etc/network/interfaces.template in the applicable location:
post-up iptables-restore < /etc/iptables.up.rules
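The manual workaround above can be scripted so it is repeatable and checkable. The following is an added example, not part of the original report or of Webmin: the function names are hypothetical, and it assumes the template has the same "iface lo" stanza layout as the listing above.

```sh
#!/bin/sh
# Added example (not Webmin code): keep the iptables restore hook in the
# OpenVZ template so it survives regeneration of /etc/network/interfaces.
RULE='post-up iptables-restore < /etc/iptables.up.rules'  # line from the post

# has_hook FILE -> exit 0 if the restore hook is present in FILE
has_hook() {
    grep -qF -- "$RULE" "$1"
}

# hook_will_be_lost LIVE TEMPLATE -> exit 0 if the hook exists only in the
# live file, i.e. the firewall will silently vanish at the next reboot.
hook_will_be_lost() {
    has_hook "$1" && ! has_hook "$2"
}

# add_hook FILE -> insert the hook at the end of the "iface lo" stanza.
# Idempotent. The stanza is taken to end at a blank line, a comment, or the
# next auto/iface/allow-/mapping/source line (assumed layout, see lead-in).
add_hook() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    has_hook "$file" && return 0
    tmp=$(mktemp) || return 1
    awk -v rule="$RULE" '
        in_lo && !done && (/^[ \t]*$/ || /^#/ ||
            /^(auto|iface|allow-|mapping|source)/) {
            print rule; done = 1; in_lo = 0
        }
        /^iface[ \t]+lo[ \t]/ { in_lo = 1 }
        { print }
        END { if (in_lo && !done) print rule }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rm -f "$tmp"
    has_hook "$file"   # non-zero if no "iface lo" stanza was found
}

# Usage on the VPS, as root:
#   hook_will_be_lost /etc/network/interfaces /etc/network/interfaces.template \
#       && add_hook /etc/network/interfaces.template
```

After the next reboot, iptables -L -n should show the saved rules if the hook ran.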
Comments
Submitted by JamieCameron on Mon, 06/08/2009 - 18:51 Comment #1
There is a work-around for this - in the Linux Firewall module, click on Module Config and set the 'IPtables save file to edit' to /etc/iptables.up.rules . Then enable the firewall at boot.
This will cause Webmin to create a separate init script to run iptables-restore at boot.
Submitted by Issues on Sun, 06/28/2009 - 01:25 Comment #2
Automatically closed -- issue fixed for 2 weeks with no activity.