Hi all,
this is my first post, and I am a newbie of SuiteCRM. I’ve just installed it and I’m making the first configurations.
I’ve installed suiteCRM by VMWare image. I note that the OS installed is a Debian:
Linux ucs-2933 4.9.0-14-amd64 #1 SMP Debian 4.9.246-2 (2020-12-17) x86_64 GNU/Linux.
I’m surprised that default ssh is reachable by any IP, without any drop rule.
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:http
**ACCEPT tcp -- anywhere anywhere tcp dpt:ssh**
I would like to grant access via ssh, just to one trusted IP.
But, also intervening by means of the usual commands (iptables-persistent), iptables configuration is lost at any reboot. It seems that something is overwriting by SuiteCRM.
Looking for a possible cause, I’ve found the following file
/etc/security/packetfilter.d/10_univention-firewall_start.sh
in which all the suitecrm default rules are set. These settings are not acceptable to me.
In the following an excerpt of such .sh file.
iptables --wait -A INPUT -p "tcp" --dport 22 -j ACCEPT
ip6tables --wait -A INPUT -p "tcp" --dport 22 -j ACCEPT
How can overwrite such rules, any attempt, as said, was unsuccessful. Why I cannot act directly by iptables, how can resolve such problem.
Thanks a lot to all of you.