What's New in 2.1
We're excited to announce ISPProtect BanDaemon 2.1.0, a significant update focused on improving compatibility with modern Linux distributions and enhancing the overall user experience. This release addresses critical compatibility issues with nf_tables-based systems and provides comprehensive documentation improvements.
New Features
Configurable iptables Legacy Mode
Added a new configuration option IPTABLES_LEGACY to provide explicit control over iptables backend selection:
- Configurable backend selection: Choose between regular iptables and iptables-legacy commands
- Automatic fallback logic: Intelligent detection and fallback mechanisms
- Installation integration: Configuration option automatically added during installation
- Default safety: Defaults to false (regular iptables) for maximum compatibility
define('IPTABLES_LEGACY', true); // Enable legacy mode for nf_tables compatibility
Enhanced nf_tables Compatibility
Comprehensive improvements for modern Linux distributions using nf_tables backend:
- Automatic detection: Smart detection of iptables backend requirements
- Error handling: Clear error messages when legacy commands are required but unavailable
- Graceful degradation: Maintains functionality across different system configurations
Improvements
Comprehensive Documentation Overhaul
Major improvements to both user and technical documentation:
- Corrected iptables commands: All documentation now correctly references the mangle table (-t mangle)
- Simplified command structure: Replaced multiple individual chain commands with single comprehensive commands
- nf_tables guidance: Added clear instructions for legacy command usage when needed
- Updated troubleshooting: Enhanced troubleshooting sections with accurate command examples
- Configuration examples: Updated all configuration examples to include new settings
Installation and Configuration
Enhanced installation process and configuration management:
- Automatic configuration: New settings automatically added to config files during installation
- Backward compatibility: Existing installations remain unaffected
- Clear defaults: Sensible default values for all new configuration options
Uninstaller Enhancements
Updated uninstallation script with improved iptables handling:
- Legacy command support: Automatic detection and use of appropriate iptables commands
- Complete cleanup: Ensures all firewall rules are properly removed regardless of backend
- Enhanced error handling: Better error messages and graceful handling of missing commands
Bug Fixes
Fixed iptables Chain Visibility Issues
Resolved issues where users couldn't see ispprotect chains with standard iptables commands:
- Root cause: Chains were created in mangle table but documentation showed filter table commands
- Solution: Updated all documentation to use correct -t mangle parameter
- Impact: Users can now properly view and manage firewall rules
Documentation Accuracy
Fixed numerous documentation inconsistencies and errors:
- Command corrections: All iptables commands now reference the correct table
- Legacy command examples: Added comprehensive legacy command alternatives
- Troubleshooting updates: Corrected troubleshooting procedures and examples
Compatibility
| Component | Status | Notes |
|---|---|---|
| PHP 5.6 - 8.3 | ✅ Supported | Full compatibility maintained |
| MySQL 5.5+ | ✅ Supported | No changes required |
| MariaDB 10.0+ | ✅ Supported | Full compatibility |
| iptables (legacy) | 🔄 Enhanced | Improved detection and support |
| nf_tables systems | 🔄 Enhanced | New compatibility layer added |
| Debian/Ubuntu | 🔄 Enhanced | Better support for modern distributions |
Migration Guide
Upgrading from 2.0.x
Simple One-Command Upgrade: The easiest way to upgrade is using the built-in update command.
ispprotect_bandaemon --update
This command automatically handles stopping and starting the service as needed.
Manual Installation Process:
- Stop the bandaemon service: sudo systemctl stop ispprotect_bandaemon
- Install the new version using the standard installation process
- Start the service: sudo systemctl start ispprotect_bandaemon
- Verify operation: sudo iptables -t mangle -L -v -n
For nf_tables compatibility issues:
If you encounter "nf_tables incompatible" errors, add this to your configuration:
define('IPTABLES_LEGACY', true);
Technical Details
Configuration Changes
- New setting: IPTABLES_LEGACY - Controls iptables backend selection
- Default value: false (uses regular iptables commands)
- Location: Added to config.inc.php during installation
Command Changes
- View chains: sudo iptables -t mangle -L -v -n
- Legacy mode: sudo iptables-legacy -t mangle -L -v -n
- Quick status: Single command shows all chains and rules
Looking Ahead
We're continuously working to improve ISPProtect BanDaemon. Future releases will focus on:
- Advanced threat detection: Enhanced attack pattern recognition
- Performance optimizations: Reduced resource usage and faster response times
- Integration improvements: Better compatibility with container environments
- Monitoring enhancements: More detailed reporting and analytics
ISPProtect BanDaemon 2.1.0 - Protecting servers worldwide since 2015
© 2025 ISPProtect. All rights reserved.
Marius Burkard has been working as a software developer for 20 years and has several years of experience as a server administrator. As one of the lead developers of the ISPConfig control panel and technical contact for several hundred web hosting customers, he has extensive experience with malware, hacked websites and the analysis of vulnerabilities.