Contact Information
No response
1Panel Version
v2.1.8
Problem Description
After a clean reinstall of 1Panel v2.1.8, the panel works normally at first.
However, after using Firewall -> initialize in the UI, 1Panel regenerates the following rules:
```
-A 1PANEL_BASIC_AFTER -p udp -m udp --dport 443 -j ACCEPT
-A 1PANEL_BASIC_AFTER -p tcp -j DROP
-A 1PANEL_BASIC_AFTER -p udp -j DROP
```
At the same time, /opt/1panel/firewall/1panel_basic_after.rules is recreated with the same content.
This conflicts with the allow rules in /opt/1panel/firewall/1panel_basic_before.rules, which already contains allow rules for ports such as 22, 10086, 80, and 443.
As a result, new external connections can be blocked before they reach the allow rules.
Important detail:
- The iptables advanced rules page is empty
- The issue appears after firewall initialization
- This does not look like a user-created advanced rule problem
Steps to Reproduce
- Install 1Panel v2.1.8 on Ubuntu 24.04 (OCI ARM64 in my case).
- Confirm panel and SSH are accessible normally.
- Open 1Panel UI and run Firewall initialization.
- Check generated rules:
  - iptables -S 1PANEL_BASIC_AFTER
  - /opt/1panel/firewall/1panel_basic_after.rules
- Try a new external SSH connection or panel HTTP request.
The expected correct result
Firewall initialization should not generate unconditional global DROP rules that override explicitly allowed ports such as SSH and panel ports.
If 1Panel needs a default deny policy, it should be applied in a safe order and must not break explicitly allowed ports.
Related log output
```
1pctl version
版本: v2.1.8
模式: stable

iptables -S 1PANEL_BASIC_AFTER
-N 1PANEL_BASIC_AFTER
-A 1PANEL_BASIC_AFTER -p udp -m udp --dport 443 -j ACCEPT
-A 1PANEL_BASIC_AFTER -p tcp -j DROP
-A 1PANEL_BASIC_AFTER -p udp -j DROP

cat /opt/1panel/firewall/1panel_basic_after.rules
-A 1PANEL_BASIC_AFTER -p udp -m udp --dport 443 -j ACCEPT
-A 1PANEL_BASIC_AFTER -p tcp -j DROP
-A 1PANEL_BASIC_AFTER -p udp -j DROP

ss -lnt | grep -E ':22 |:10086 '
LISTEN 0 4096 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 *:10086 *:*
LISTEN 0 4096 [::]:22 [::]:*

captured_at: 2026-04-13T05:56:00+00:00
```
Additional Information
- A clean reinstall temporarily removes the problem.
- After firewall initialization in the UI, the bad rules come back.
- The issue seems related to 1Panel firewall rule generation/order, not to cloud security groups or user-created advanced rules.
- This may be related to existing firewall issues:
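
An added diagnostic sketch, not part of the original report or of 1Panel's code: it replays first-match evaluation over `iptables -S` output to show which rule decides a new connection. The INPUT jump order and the BEFORE rule in the sample are assumptions, since the report does not show them; rules with matches other than protocol and destination port are set aside in `skipped` rather than evaluated.

```python
# Constructed sample: AFTER rules are from the report; jump order and BEFORE rule are assumed.
SAMPLE = """\
-P INPUT ACCEPT
-N 1PANEL_BASIC_AFTER
-N 1PANEL_BASIC_BEFORE
-A INPUT -j 1PANEL_BASIC_AFTER
-A INPUT -j 1PANEL_BASIC_BEFORE
-A 1PANEL_BASIC_BEFORE -p tcp -m tcp --dport 22 -j ACCEPT
-A 1PANEL_BASIC_AFTER -p udp -m udp --dport 443 -j ACCEPT
-A 1PANEL_BASIC_AFTER -p tcp -j DROP
-A 1PANEL_BASIC_AFTER -p udp -j DROP
"""

def parse(text):
    """Return ({chain: [(proto, dport, target, line)]}, {chain: policy}, skipped)."""
    chains, policies, skipped = {}, {}, []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == ["-P"]:
            policies[tok[1]] = tok[2]
        elif tok[:1] == ["-A"]:
            opts = dict(zip(tok[2::2], tok[3::2]))
            if len(tok) % 2 or set(opts) - {"-p", "-m", "--dport", "-j"}:
                skipped.append(line)  # conntrack, source, negation...: not evaluated
            else:
                chains.setdefault(tok[1], []).append(
                    (opts.get("-p"), opts.get("--dport"), opts.get("-j"), line))
    return chains, policies, skipped

def matches(r_proto, r_dport, proto, dport):
    lo, _, hi = (r_dport or "0:65535").partition(":")
    return r_proto in (None, "all", proto) and int(lo) <= dport <= int(hi or lo)

def trace(chains, policies, proto, dport, chain="INPUT"):
    """First-match walk for a new packet; returns (verdict, deciding rule) or None."""
    hits = [r for r in chains.get(chain, []) if matches(r[0], r[1], proto, dport)]
    for _, _, target, line in hits:
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target, line
        if target == "RETURN":
            break
        if target in chains:  # jump into a user-defined chain
            hit = trace(chains, policies, proto, dport, target)
            if hit:
                return hit
    return (policies[chain], f"policy of {chain}") if chain in policies else None

if __name__ == "__main__":
    rules, policy, _ = parse(SAMPLE)
    print(trace(rules, policy, "tcp", 22))
```

To check a live host, pass the text of `iptables -S` to `parse()` and review `skipped` by hand, because any rule listed there may also affect the verdict.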