diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 6de768f7e5ca7594d863efc721f013209c290bf4..48156e64baf2d9dc3ffb57c918fbe6d6adf3671d 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -449,18 +449,18 @@ class installer_base { } $current_db_version = intval($current_db_version); - + $firewall_placeholder = '{"FTP":[20,21,"40110:40210"],"MAIL":[25,110,143,465,587,993,995],"RSPAMD":[11334],"DNS":[53],"WEB":[80,443],"ISPCONFIG":[8080,8081],"CUSTOM_TCP":[""],"CUSTOM_UDP":[""]}'; if($conf['mysql']['master_slave_setup'] == 'y') { //* Insert the server record in master DB - $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);"; - $this->dbmaster->query($sql, $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled); + $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`, `firewall_placeholder`) VALUES (1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?, ?);"; + $this->dbmaster->query($sql, $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled, $firewall_placeholder); $conf['server_id'] = $this->dbmaster->insertID(); $conf['server_id'] = $conf['server_id']; //* Insert the same record in the local DB - $sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, 
`server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (?,1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);"; - $this->db->query($sql, $conf['server_id'], $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled); + $sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`, `firewall_placeholder`) VALUES (?,1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?, ?);"; + $this->db->query($sql, $conf['server_id'], $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled, $firewall_placeholder); //* username for the ispconfig user $conf['mysql']['master_ispconfig_user'] = 'ispcsrv'.$conf['server_id']; 
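Review bot: The bound values for `firewall_server` and `proxy_server` are in the opposite order to the column list: the INSERT names `firewall_server`,`proxy_server`, but the call passes `$proxy_server_enabled, $firewall_server_enabled`, so each flag lands in the other column. The commit extends these statements without correcting that; the same order appears in the local-DB INSERT of this hunk and in the non-master/slave INSERT of the next hunk (`@@ -469,8`). Ending all three calls with `$current_db_version, $firewall_server_enabled, $proxy_server_enabled, $firewall_placeholder);` would line the values up with the columns. The JSON default is also repeated verbatim in upd_dev_collection.sql, so a comment such as `//* keep in sync with install/sql/incremental/upd_dev_collection.sql` above `$firewall_placeholder` would help the two copies stay identical.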
@@ -469,8 +469,8 @@ class installer_base { } else { //* Insert the server, if its not a mster / slave setup - $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);"; - $this->db->query($sql, $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled); + $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`, `firewall_placeholder`) VALUES (1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?, ?);"; + $this->db->query($sql, $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled, $firewall_placeholder); $conf['server_id'] = $this->db->insertID(); $conf['server_id'] = $conf['server_id']; } diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..e720d518a30a9ee262e72ef1ce6e4ea7d3649d87 100644 --- a/install/sql/incremental/upd_dev_collection.sql +++ b/install/sql/incremental/upd_dev_collection.sql 
@@ -0,0 +1,3 @@ +ALTER TABLE `server` +ADD `firewall_placeholder` TINYTEXT NOT NULL; +UPDATE `server` SET `firewall_placeholder` = '{"FTP":[20,21,"40110:40210"],"MAIL":[25,110,143,465,587,993,995],"RSPAMD":[11334],"DNS":[53],"WEB":[80,443],"ISPCONFIG":[8080,8081],"CUSTOM_TCP":[""],"CUSTOM_UDP":[""]}'; diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql index 006beb6b53945de3403408dac1bfcbab8b7bb498..3aba2e98d64a979dd0780ce4063a15226309ed02 100644 --- a/install/sql/ispconfig3.sql +++ b/install/sql/ispconfig3.sql @@ -1367,6 +1367,7 @@ CREATE TABLE `server` ( `mirror_server_id` int(11) unsigned NOT NULL default '0', `dbversion` int(11) unsigned NOT NULL default '1', `active` tinyint(1) NOT NULL default '1', + `firewall_placeholder` TINYTEXT NOT NULL, PRIMARY KEY (`server_id`) ) DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; diff --git a/interface/lib/classes/plugin_server_firewall_placeholder.inc.php b/interface/lib/classes/plugin_server_firewall_placeholder.inc.php new file mode 100755 index 0000000000000000000000000000000000000000..8cb628665e0d311dec93220ea876565b357490d7 --- /dev/null +++ b/interface/lib/classes/plugin_server_firewall_placeholder.inc.php 
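Review bot: `TINYTEXT` caps `firewall_placeholder` at 255 bytes, and the seeded JSON already uses roughly 170 of them, so a modest list in CUSTOM_TCP or CUSTOM_UDP can exceed the limit. Depending on the SQL mode the write is then rejected or silently truncated, and a truncated value no longer parses, which leaves every caller of `json_decode` on this column iterating over null. Declaring the column as `TEXT NOT NULL` here and in the `CREATE TABLE` hunk for ispconfig3.sql avoids that. Because the column is `NOT NULL` without a default, the ALTER and the UPDATE must both succeed for existing rows to hold valid JSON; a short comment saying so would help anyone splitting the script.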
@@ -0,0 +1,120 @@ +newTemplate('templates/server_config_firewall_placeholder_edit.htm'); + + //* Get the data + $temp = $app->db->queryOneRecord('SELECT `firewall_placeholder` FROM `server` WHERE `server_id` = ?', $this->form->id); + $data = json_decode($temp['firewall_placeholder'], true); + foreach($data as $idx=>$val) { + $records[$idx] = implode(',',$val); + } + if(is_array($records)) { + foreach($records as $service=>$ports) { + $rec['service'] = $app->functions->htmlentities($service); + $rec['ports'] = $ports; + $records_new[] = $rec; + } + } + $listTpl->setLoop('records',@$records_new); + $listTpl->setVar('parent_id',$this->form->id); + + + // Setting Returnto information in the session + $list_name = 'server_firewall_placeholder'; + $_SESSION['s']['list'][$list_name]['parent_id'] = $this->form->id; + $_SESSION['s']['list'][$list_name]['parent_name'] = $app->tform->formDef['name']; + $_SESSION['s']['list'][$list_name]['parent_tab'] = $_SESSION['s']['form']['tab']; + $_SESSION['s']['list'][$list_name]['parent_script'] = $app->tform->formDef['action']; + $_SESSION['s']['form']["return_to"] = $list_name; + return $listTpl->grab(); + } + + function onUpdate() { + global $app; + + $dataRecord = $this->form->dataRecord; + $server_id = intval($dataRecord['id']); + $temp = $app->db->queryOneRecord('SELECT `firewall_placeholder` FROM `server` WHERE `server_id` = ?', $server_id); + $data = json_decode($temp['firewall_placeholder'], true); + $update = false; + $error = ''; + foreach($data as $idx=>$val) { + //* validate updates + if($dataRecord[$idx] != implode(',',$val)) { + $new = array(); + $check = explode(',',$dataRecord[$idx]); + foreach($check as $_idx=>$validate) { + $validate = trim($validate); + if($validate != '') { + if(!preg_match('/^\d{1,5}(?::\d{1,5})?(?:,\d{1,5}(?::\d{1,5})?)*$/', $validate)) { + $error .= "Invalide value $validate for $idx
"; + } else { + $new[] = $validate; + } + } + } + if(!empty($new)) $dataRecord[$_idx] = implode(',', $new); + $data[$idx] = explode(',',$dataRecord[$_idx]); + $update = true; + } + } + + if($error != '') { + $app->error($error); + } + + if($update) { + $app->db->query('UPDATE `server` SET `firewall_placeholder` = ? WHERE `server_id` = ?', json_encode($data), $server_id); + $firewall = $app->db->queryOneRecord('SELECT * FROM `firewall` WHERE `server_id` = ? AND `active` = ?', $server_id, 'y'); + if($firewall) { + $app->db->datalogUpdate('firewall', $firewall, 'firewall_id', $firewall['firewall_id'], true); + } + } + + } + +} + diff --git a/interface/lib/classes/sites_database_plugin.inc.php b/interface/lib/classes/sites_database_plugin.inc.php index 68421d6083ddd0eafaf56c539bcb040d4917fe2c..c3693053c1bda3d52f58c2f107d84e18aa4d1581 100644 --- a/interface/lib/classes/sites_database_plugin.inc.php +++ b/interface/lib/classes/sites_database_plugin.inc.php @@ -51,6 +51,14 @@ class sites_database_plugin { $sql = "UPDATE web_database SET sys_groupid = ?, backup_interval = ?, backup_copies = ? WHERE database_id = ?"; $app->db->query($sql, $sys_groupid, $backup_interval, $backup_copies, $form_page->id); + + if($form_page->dataRecord['remote_access'] == 'y' && $form_page->dataRecord['active'] == 'y') { + $firewall = $app->db->queryOneRecord("SELECT * FROM firewall WHERE active = 'y' AND server_id = ?", $form_page->dataRecord['server_id']); + if($firewall) { + $app->db->datalogUpdate('firewall', $firewall, 'firewall_id', $firewall['firewall_id'], true); + file_put_contents("debug", "update fw"); + } + } } } diff --git a/interface/lib/classes/validate_firewall.inc.php b/interface/lib/classes/validate_firewall.inc.php new file mode 100755 index 0000000000000000000000000000000000000000..f9aed6a07787af38f711f2c4e8e1e080530dcb81 --- /dev/null +++ b/interface/lib/classes/validate_firewall.inc.php @@ -0,0 +1,65 @@ +tform->wordbook[$errmsg])) { + return $app->tform->wordbook[$errmsg]."
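Review bot: In onUpdate the write-back uses `$_idx`, the inner loop's key over the comma-split tokens, where the placeholder name `$idx` is meant: `$dataRecord[$_idx] = implode(',', $new); $data[$idx] = explode(',',$dataRecord[$_idx]);`. The validated list is therefore stored under a numeric key of `$dataRecord`, and when `$new` is empty the `explode` reads a key that was never set. Assigning directly with `$data[$idx] = empty($new) ? array('') : $new;` removes the round trip. The error text also interpolates the submitted `$validate` unescaped before it reaches `$app->error()`; passing it through `$app->functions->htmlentities()`, as onShow does for the service name, would keep markup out of the message if that method renders HTML, which is not visible here. The start of this new file is garbled on the page, so the class header and the onShow signature could not be checked.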
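Review bot: `file_put_contents("debug", "update fw");` in the sites_database_plugin hunk looks like a leftover debugging aid: it writes a file named `debug` relative to the process's working directory each time an active database with remote access is saved. In a web-facing control panel that directory may be one served to clients, and the call emits a warning when the directory is not writable. The line should be dropped, or replaced with the project's own logging if the trace is still wanted. The enclosing method begins outside the hunk.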
\r\n"; + } else { + return $errmsg."
\r\n"; + } + } + + function check_firewall($field_name, $field_value, $validator) { + global $app; + + $temp = $app->db->queryOneRecord('SELECT firewall_placeholder FROM server WHERE server_id = ?', intval($_POST['server_id'])); + $records = json_decode($temp['firewall_placeholder'], true); + foreach($records as $idx=>$val) $placeholder[] = '{'.$idx.'}'; + $placeholder[] = '{AUTO}'; + + if($field_value != '') { +// print_R($placeholder); + $temp = str_replace($placeholder, '', $field_value); + $ports = explode(',', $temp); + $ports = array_filter($ports, function($value) { return !is_null($value) && $value !== ''; }); + if(!empty($ports)) { + $regex = '/^\d{1,5}(?::\d{1,5})?(?:,\d{1,5}(?::\d{1,5})?)*$/'; + if(!preg_match($regex, implode(',', $ports))) return $this->get_error($validator['errmsg']); + } + } + } + +} + diff --git a/interface/web/admin/firewall_edit.php b/interface/web/admin/firewall_edit.php index 01cad2b815b1c09775bf0a95ac31b57e01dcefec..23008b4b125a8f79644c2b2328052505d5083a84 100644 --- a/interface/web/admin/firewall_edit.php +++ b/interface/web/admin/firewall_edit.php @@ -64,7 +64,6 @@ class page_action extends tform_actions { parent::onShowEnd(); } - function onBeforeUpdate() { global $app, $conf; diff --git a/interface/web/admin/form/firewall.tform.php b/interface/web/admin/form/firewall.tform.php index eb7dcb3acf83bf7d603d7a3454fe62b2610b2ee9..9170af72901ff3eb2ab5308196dcbab468dc6462 100644 --- a/interface/web/admin/form/firewall.tform.php +++ b/interface/web/admin/form/firewall.tform.php 
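Review bot: check_firewall removes every placeholder substring with `str_replace` and validates only what is left, so a value that fuses a placeholder with digits, such as `8{WEB}0`, passes because the remainder is `80`, while the stored field still carries the mixed token. Validating each comma-separated token on its own, as either an exact known placeholder or a port or range, closes that gap, and the same loop can reject numbers above 65535, which `\d{1,5}` admits. `$placeholder` is also built from the `json_decode` result without a null check, and the row is selected by `$_POST['server_id']`, so a missing row yields a warning and a list holding only `{AUTO}`. How the server side expands the stored string is not visible in this hunk, so the effect of a fused token is inferred. The top of this new file is garbled on the page.

```php
function check_firewall($field_name, $field_value, $validator) {
	// … unchanged: load firewall_placeholder for the server into $records …
	$placeholder = array('{AUTO}');
	if(is_array($records)) {
		foreach($records as $idx=>$val) $placeholder[] = '{'.$idx.'}';
	}
	foreach(explode(',', $field_value) as $token) {
		//* a token is either empty, an exact placeholder, or a port / port range
		if($token === '' || in_array($token, $placeholder, true)) continue;
		if(!preg_match('/^\d{1,5}(?::\d{1,5})?$/', $token)) return $this->get_error($validator['errmsg']);
		foreach(explode(':', $token) as $port) {
			if((int)$port < 1 || (int)$port > 65535) return $this->get_error($validator['errmsg']);
		}
	}
}
```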
@@ -75,11 +75,15 @@ $form["tabs"]['firewall'] = array ( 'tcp_port' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', - 'validators' => array ( 0 => array ( 'type' => 'REGEX', - 'regex' => '/^$|\d{1,5}(?::\d{1,5})?(?:,\d{1,5}(?::\d{1,5})?)*$/', - 'errmsg'=> 'tcp_ports_error_regex'), - ), - 'default' => '20,21,22,25,53,80,110,143,443,465,587,993,995,3306,8080,8081,10000', + 'validators' => array ( + 0 => array ( + 'type' => 'CUSTOM', + 'class' => 'validate_firewall', + 'function' => 'check_firewall', + 'errmsg'=> 'tcp_ports_error_regex' + ) + ), + 'default' => '{AUTO}', 'value' => '', 'width' => '30', 'maxlength' => '255' @@ -87,11 +91,15 @@ $form["tabs"]['firewall'] = array ( 'udp_port' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', - 'validators' => array ( 0 => array ( 'type' => 'REGEX', - 'regex' => '/^$|\d{1,5}(?::\d{1,5})?(?:,\d{1,5}(?::\d{1,5})?)*$/', - 'errmsg'=> 'udp_ports_error_regex'), - ), - 'default' => '53,3306', + 'validators' => array ( + 0 => array ( + 'type' => 'CUSTOM', + 'class' => 'validate_firewall', + 'function' => 'check_firewall', + 'errmsg'=> 'udp_ports_error_regex' + ) + ), + 'default' => '{AUTO}', 'value' => '', 'width' => '30', 'maxlength' => '255' diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php index 1818b2ef3b6035f24dbdc8b9892d3e37077b73b8..17fd55b6938739379704ffa96b5fe8f358032ebc 100644 --- a/interface/web/admin/form/server_config.tform.php +++ b/interface/web/admin/form/server_config.tform.php 
@@ -2072,6 +2072,20 @@ $form["tabs"]['rescue'] = array( //################################# ) ); +$form['tabs']['firewall_placeholder'] = array( + 'title' => 'firewall_placeholder', + 'width' => 80, + 'template' => 'templates/server_config_firewall_placeholder.htm', + 'readonly' => false, + 'plugins' => array ( + 'placeholder_records' => array ( + 'class' => 'plugin_server_firewall_placeholder', + 'options' => array( + ) + ) + ) +); + /*$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail'); if(!isset($mail_config['rspamd_available']) || $mail_config['rspamd_available'] != 'y') { diff --git a/interface/web/admin/lib/lang/ar_server_config.lng b/interface/web/admin/lib/lang/ar_server_config.lng index b95b3567e643ade50e58d56385c1a96a27f34ca4..d286780a9e54dcba93ce3b3591c82baa1d615cbf 100644 --- a/interface/web/admin/lib/lang/ar_server_config.lng +++ b/interface/web/admin/lib/lang/ar_server_config.lng @@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail'; $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files'; $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible'; +$wb['firewall_placeholder'] = 'Firewall Placeholder'; diff --git a/interface/web/admin/lib/lang/bg_server_config.lng b/interface/web/admin/lib/lang/bg_server_config.lng index fcd34e729236a8ef04c17c9b5f4e40f03dd56fbc..c285fa53bc85c6bef689aa363f225e8bd392bf7f 100644 --- a/interface/web/admin/lib/lang/bg_server_config.lng +++ b/interface/web/admin/lib/lang/bg_server_config.lng @@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail'; $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files'; $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible'; +$wb['firewall_placeholder'] = 'Firewall Placeholder'; 
diff --git a/interface/web/admin/lib/lang/br_server_config.lng b/interface/web/admin/lib/lang/br_server_config.lng
index 0e8d43ca8e8aec70ac114f5fd0e541917dd94e8c..1b0698ab5469e37798e4f2da200c188a2754f3be 100644
--- a/interface/web/admin/lib/lang/br_server_config.lng
+++ b/interface/web/admin/lib/lang/br_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Usar links físicos é inseguro, mas eco
 $wb['jailkit_hardlinks_allow_txt'] = 'Permitir links físicos enjaulados';
 $wb['jailkit_hardlinks_no_txt'] = 'Não, remover arquivos de links físicos';
 $wb['jailkit_hardlinks_yes_txt'] = 'Sim, usar links físicos quando possível';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/ca_server_config.lng b/interface/web/admin/lib/lang/ca_server_config.lng
index 2e02e31c6bdf2d7da192217840790a6b67cab547..2db680959287496f8a48df41070740a3da4baffe 100644
--- a/interface/web/admin/lib/lang/ca_server_config.lng
+++ b/interface/web/admin/lib/lang/ca_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/cz_server_config.lng b/interface/web/admin/lib/lang/cz_server_config.lng
index 633db75fbdbb02daa5ddff7d4f4e23c10ba24e75..534cc1f15e2d97768e5419988433a0e55bec5658 100644
--- a/interface/web/admin/lib/lang/cz_server_config.lng
+++ b/interface/web/admin/lib/lang/cz_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'Ne, odstranit soubory s pevným odkazem';
 $wb['jailkit_hardlinks_yes_txt'] = 'Ano, pokud je to možné, použijte pevné odkazy';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/de_server_config.lng b/interface/web/admin/lib/lang/de_server_config.lng
index e287b9a622ba535b131ff89973df109f0a6d7478..e8fb52680fc024ba2b2a0a80187b502021a53929 100644
--- a/interface/web/admin/lib/lang/de_server_config.lng
+++ b/interface/web/admin/lib/lang/de_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/dk_server_config.lng b/interface/web/admin/lib/lang/dk_server_config.lng
index 77a29251d5f04bf555efac9dcc375a292ac4ba65..b7c93665b735a390269dc0ce05a1887e0a36b923 100644
--- a/interface/web/admin/lib/lang/dk_server_config.lng
+++ b/interface/web/admin/lib/lang/dk_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/el_server_config.lng b/interface/web/admin/lib/lang/el_server_config.lng
index 091362450336ed29a7f1722e0654a1b2742fcff8..b16a3dd6629e6ae56cdace7d5fd5edd6a0a1be8c 100644
--- a/interface/web/admin/lib/lang/el_server_config.lng
+++ b/interface/web/admin/lib/lang/el_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/en_server_config.lng b/interface/web/admin/lib/lang/en_server_config.lng
index 3df6f02dfb259848bd0acf9bca6c82fcb4d68858..1a1d0e6b2893e5af995f3a5e50a3f1c9ab988bac 100644
--- a/interface/web/admin/lib/lang/en_server_config.lng
+++ b/interface/web/admin/lib/lang/en_server_config.lng
@@ -332,3 +332,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/es_server_config.lng b/interface/web/admin/lib/lang/es_server_config.lng
index fadf3180c0e6c3f0df2021d8ddb51afd265141b1..ab0ac1504c5b9049ebacba95bda746e268834881 100644
--- a/interface/web/admin/lib/lang/es_server_config.lng
+++ b/interface/web/admin/lib/lang/es_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/fi_server_config.lng b/interface/web/admin/lib/lang/fi_server_config.lng
index ec974d3249b45ba64ec226973046810ddf75a65d..f8d77d895d07404808231b2da8426a533c23e763 100644
--- a/interface/web/admin/lib/lang/fi_server_config.lng
+++ b/interface/web/admin/lib/lang/fi_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/fr_server_config.lng b/interface/web/admin/lib/lang/fr_server_config.lng
index a413c4214dd866f64448b7d1d98aebd5e8bd29a8..4b945f050b6662fb69affbb64400bb82bcb9d7cf 100644
--- a/interface/web/admin/lib/lang/fr_server_config.lng
+++ b/interface/web/admin/lib/lang/fr_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/hr_server_config.lng b/interface/web/admin/lib/lang/hr_server_config.lng
index 4eb3574d45e3ea063957d014bc3401ccfb341ff0..4569be2c6a33664168cba56257cc778ff9fb7403 100644
--- a/interface/web/admin/lib/lang/hr_server_config.lng
+++ b/interface/web/admin/lib/lang/hr_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/hu_server_config.lng b/interface/web/admin/lib/lang/hu_server_config.lng
index 73f0181f3d27408d5e824796d623ae4ff68e4b4e..910a0b7b35bf3e72b1105bee84d4fd767c7ccb8f 100644
--- a/interface/web/admin/lib/lang/hu_server_config.lng
+++ b/interface/web/admin/lib/lang/hu_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/id_server_config.lng b/interface/web/admin/lib/lang/id_server_config.lng
index 3555ba32889e25ef93546a4461a3a797aa004687..f1c9a3dbe0d142bcc35aa003e353b67fd4971e9c 100644
--- a/interface/web/admin/lib/lang/id_server_config.lng
+++ b/interface/web/admin/lib/lang/id_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/it_server_config.lng b/interface/web/admin/lib/lang/it_server_config.lng
index 39b7161ddf1f04d054637fc4e19928769f263eda..a5706531eb2488609be2b6eb61a0d457212e6c5c 100644
--- a/interface/web/admin/lib/lang/it_server_config.lng
+++ b/interface/web/admin/lib/lang/it_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/ja_server_config.lng b/interface/web/admin/lib/lang/ja_server_config.lng
index a50922639c704258f945e4060ddf4185d7c3e70a..fbee8a11adbf943c2cdc59b34ef4771b1ef92d85 100644
--- a/interface/web/admin/lib/lang/ja_server_config.lng
+++ b/interface/web/admin/lib/lang/ja_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/nl_server_config.lng b/interface/web/admin/lib/lang/nl_server_config.lng
index 9ef50bb6c123ade3a360f4fc8db0575b409b8e7c..1f74b8b0f68e0172b30be2fc45b711dc781f7241 100644
--- a/interface/web/admin/lib/lang/nl_server_config.lng
+++ b/interface/web/admin/lib/lang/nl_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/pl_server_config.lng b/interface/web/admin/lib/lang/pl_server_config.lng
index af839bb2e3bce7e4e77aa651716fae9064b52872..9eec1d3c784dc020bcaeec15a043c36bcb08aa7e 100644
--- a/interface/web/admin/lib/lang/pl_server_config.lng
+++ b/interface/web/admin/lib/lang/pl_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/pt_server_config.lng b/interface/web/admin/lib/lang/pt_server_config.lng
index 6b581c85939cbb7834919da94b4eed0017840a76..da9f5bc9b2e7032fa522a1368a293551348fa3f7 100644
--- a/interface/web/admin/lib/lang/pt_server_config.lng
+++ b/interface/web/admin/lib/lang/pt_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/ro_server_config.lng b/interface/web/admin/lib/lang/ro_server_config.lng
index e15c99fb675b9cdeec59cc30e8b19e0434a4fa5e..1f17aef2e176179f5e8ffec16ee554dfa7d5a114 100644
--- a/interface/web/admin/lib/lang/ro_server_config.lng
+++ b/interface/web/admin/lib/lang/ro_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/ru_server_config.lng b/interface/web/admin/lib/lang/ru_server_config.lng
index 3465d2120dc1a5d2aca98f5a38a47764931d1230..0b3bb2c44f69b29c93ce1f44e421a2c5643247d6 100644
--- a/interface/web/admin/lib/lang/ru_server_config.lng
+++ b/interface/web/admin/lib/lang/ru_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/se_server_config.lng b/interface/web/admin/lib/lang/se_server_config.lng
index 9bbbcc80ac3c6db18c57385e544563ccd7b43185..f273f51214178a6bd8aa0e192e7986d73beb55c5 100644
--- a/interface/web/admin/lib/lang/se_server_config.lng
+++ b/interface/web/admin/lib/lang/se_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['firewall_placeholder'] = 'Firewall Placeholder';
diff --git a/interface/web/admin/lib/lang/sk_server_config.lng b/interface/web/admin/lib/lang/sk_server_config.lng
index 1b96cf57adb73b731bd17ab070bde1603d079db0..6160565a02430af48a4a49cda2af6aa7ca36a258 100644
--- a/interface/web/admin/lib/lang/sk_server_config.lng
+++ b/interface/web/admin/lib/lang/sk_server_config.lng
@@ -326,3 +326,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail'; $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files'; $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible'; +$wb['firewall_placeholder'] = 'Firewall Placeholder'; diff --git a/interface/web/admin/lib/lang/tr_server_config.lng b/interface/web/admin/lib/lang/tr_server_config.lng index 84210ce9b8229a5eb8461d42089649c7adcc0ba7..c5f376f78ff5621c8590ff23d8e83485f7c6e68f 100644 --- a/interface/web/admin/lib/lang/tr_server_config.lng +++ b/interface/web/admin/lib/lang/tr_server_config.lng @@ -320,3 +320,4 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail'; $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files'; $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible'; +$wb['firewall_placeholder'] = 'Firewall Placeholder'; diff --git a/interface/web/admin/templates/firewall_edit.htm b/interface/web/admin/templates/firewall_edit.htm index 07fe3d0ff52e3e3a8e0748b1e13a0b9674aa2b02..bb5b0d921e1421915e81c91fc7a986f1a52266c4 100644 --- a/interface/web/admin/templates/firewall_edit.htm +++ b/interface/web/admin/templates/firewall_edit.htm @@ -1,26 +1,33 @@ -
- -
-
-
- -
-
- -
-
- -
- {tmpl_var name='active'} -
-
- - - + +

+ +
+ +
+
+ +
+ Firewall TCP: {AUTO}, {FTP}, {MAIL}, {DNS}, {WEB}, {ISPCONFIG}, {CUSTOM_TCP},
+
+
-
- - -
+
+ +
+ Firewall UDP: {AUTO}, {DNS}, {CUSTOM_UDP},
+
+
+
+ +
{tmpl_var name='active'}
+
+ + + + +
+ + +
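Review bot: The two help lines added under the port fields are literal English text (`Firewall TCP: {AUTO}, {FTP}, {MAIL}, {DNS}, {WEB}, {ISPCONFIG}, {CUSTOM_TCP},` and `Firewall UDP: {AUTO}, {DNS}, {CUSTOM_UDP},`), although the same commit adds a `firewall_placeholder` key to every language file; they should come from language keys like the other labels. The TCP list also omits `{RSPAMD}`, which the default placeholder set in the installer defines, and both lines end in a dangling comma. An administrator reading this hint decides which ports get opened, so the list should match what the plugin actually expands. The surrounding markup is not visible in this view, so the exact element to change cannot be named from here.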
diff --git a/interface/web/admin/templates/firewall_list.htm b/interface/web/admin/templates/firewall_list.htm index b40414a5daf5fc771e773ccfc916699ac220c6fb..fb89fc0e80407e1466c7125735919c08e4617fba 100644 --- a/interface/web/admin/templates/firewall_list.htm +++ b/interface/web/admin/templates/firewall_list.htm @@ -2,61 +2,47 @@

- - -

{tmpl_var name="toolsarea_head_txt"}

- - - - - - -

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{tmpl_var name='search_limit'}
- -
{tmpl_var name="active"}{tmpl_var name="server_id"}{tmpl_var name="tcp_port"}{tmpl_var name="udp_port"} - -
{tmpl_var name='globalsearch_noresults_text_txt'}
+

{tmpl_var name="toolsarea_head_txt"}

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
{tmpl_var name='search_limit'}
+ +
{tmpl_var name="active"}{tmpl_var name="server_id"}{tmpl_var name="tcp_port"}{tmpl_var name="udp_port"} + +
{tmpl_var name='globalsearch_noresults_text_txt'}
- \ No newline at end of file + diff --git a/interface/web/admin/templates/server_config_firewall_placeholder.htm b/interface/web/admin/templates/server_config_firewall_placeholder.htm new file mode 100644 index 0000000000000000000000000000000000000000..df727235139cef632ab2becbd774b1aad8666b86 --- /dev/null +++ b/interface/web/admin/templates/server_config_firewall_placeholder.htm @@ -0,0 +1,8 @@ +

{tmpl_var name='server_name'}

+ {tmpl_var name='placeholder_records'} + +
+ + +
+ diff --git a/interface/web/admin/templates/server_config_firewall_placeholder_edit.htm b/interface/web/admin/templates/server_config_firewall_placeholder_edit.htm new file mode 100644 index 0000000000000000000000000000000000000000..9602975452c81ab8c4b37f9251c02dc5b8834876 --- /dev/null +++ b/interface/web/admin/templates/server_config_firewall_placeholder_edit.htm @@ -0,0 +1,6 @@ + +
+ +
+
+
diff --git a/server/plugins-available/firewall_plugin.inc.php b/server/plugins-available/firewall_plugin.inc.php index b924f43a2620a35813aebee9a3bb5a082f99daab..c42d7e39308908d9f8db67b6a8508478dc4b22d9 100644 --- a/server/plugins-available/firewall_plugin.inc.php +++ b/server/plugins-available/firewall_plugin.inc.php @@ -106,19 +106,13 @@ class firewall_plugin { private function ufw_update($event_name, $data) { global $app, $conf; - $app->uses('system'); - if(!$app->system->is_installed('ufw')) { $app->log('UFW Firewall is not installed', LOGLEVEL_WARN); return false; } - exec('ufw --version', $out); - $parts = explode(' ', $out[0]); - $ufwversion = $parts[1]; - unset($parts); - unset($out); - + $app->system->exec_safe('ufw --version'); + $ufwversion = explode(' ', $app->system->last_exec_out()[0])[1]; if(version_compare( $ufwversion , '0.30') < 0) { $app->log('The installed UFW Firewall version is too old. Minimum required version 0.30', LOGLEVEL_WARN); return false; 
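Review bot: The new version lookup in ufw_update indexes `$app->system->last_exec_out()[0]` and then element `[1]` of the split without checking that `ufw --version` produced any output. If the command fails or prints an unexpected first line, `$ufwversion` ends up null and `version_compare()` reports the install as older than 0.30, so the log blames the version instead of the failed call. I would guard it with `$out = $app->system->last_exec_out(); $parts = isset($out[0]) ? explode(' ', $out[0]) : array();` followed by `if(!isset($parts[1])) { $app->log('Could not determine the UFW version', LOGLEVEL_WARN); return false; }`. ufw_update continues beyond this hunk.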
@@ -126,21 +120,50 @@ class firewall_plugin { //* Basic firewall setup when the firewall is added the first time if($event_name == 'firewall_insert') { - exec('ufw --force disable'); - exec('ufw --force reset'); - exec('ufw default deny incoming'); - exec('ufw default allow outgoing'); + $app->system->exec_safe('ufw --force disable'); + $app->system->exec_safe('ufw --force reset'); + $app->system->exec_safe('ufw default deny incoming'); + $app->system->exec_safe('ufw default allow outgoing'); } + $data = $this->placeholder($data); + $tcp_ports_new = $this->clean_ports($data['new']['tcp_port'], ','); - $tcp_ports_old = $this->clean_ports($data['old']['tcp_port'], ','); $udp_ports_new = $this->clean_ports($data['new']['udp_port'], ','); - $udp_ports_old = $this->clean_ports($data['old']['udp_port'], ','); - $tcp_ports_new_array = explode(',', $tcp_ports_new); - $tcp_ports_old_array = explode(',', $tcp_ports_old); $udp_ports_new_array = explode(',', $udp_ports_new); - $udp_ports_old_array = explode(',', $udp_ports_old); + + //* get current firewall-rules + $tcp_ports_old_array = array(); + $udp_ports_old_array = array(); + $app->system->exec_safe('ufw status'); + if($app->system->last_exec_out()[0] == 'Status: inactive') { + //ufw is inactive - force start after updates + $force_ufw = true; + } else { + $force_ufw = false; + } + + foreach($app->system->last_exec_out() as $rule) { + if($rule !== '' && ctype_digit($rule[0])) { + $temp = explode('/', $rule); + if (strpos($temp[1], 'tcp') === 0) { + $tcp_ports_old_array[] = $temp[0]; + } else { + $udp_ports_old_array[] = $temp[0];; + } + unset($temp); + } + } + $tcp_ports_old_array = array_unique($tcp_ports_old_array); + $tcp_ports_old_array = array_unique($tcp_ports_old_array); +/* + $req_ports=array('22', '5666'); + foreach($req_ports as $req) { + if(!in_array($req, $tcp_ports_new_array)) $tcp_ports_new_array[]=$req; + if(!in_array($req, $udp_ports_new_array)) $udp_ports_new_array[]=$req; + } +*/ //* add tcp ports 
foreach($tcp_ports_new_array as $port) { @@ -180,19 +203,24 @@ class firewall_plugin { if($data['new']['active'] == 'y') { if($data['new']['active'] == $data['old']['active']) { - exec('ufw reload'); - $app->log('Reloading the firewall', LOGLEVEL_DEBUG); + if($force_ufw) { + $app->system->exec_safe('ufw --force enable'); + $app->log('Starting the firewall', LOGLEVEL_DEBUG); + } else { + $app->system->exec_safe('ufw reload'); + $app->log('Reloading the firewall', LOGLEVEL_DEBUG); + } } else { //* Ensure that bastille firewall is stopped - exec($conf['init_scripts'] . '/' . 'bastille-firewall stop 2>/dev/null'); - if(@is_file('/etc/debian_version')) exec('update-rc.d -f bastille-firewall remove'); + if(@is_file($conf['init_scripts'] . '/' . 'bastille-firewall')) $app->system->exec_safe($conf['init_scripts'] . '/' . 'bastille-firewall stop 2>/dev/null'); + if(@is_file('/etc/debian_version')) $app->system->exec_safe('update-rc.d -f bastille-firewall remove'); //* Start ufw firewall - exec('ufw --force enable'); + $app->system->exec_safe('ufw --force enable'); $app->log('Starting the firewall', LOGLEVEL_DEBUG); } } else { - exec('ufw disable'); + $app->system->exec_safe('ufw disable'); $app->log('Stopping the firewall', LOGLEVEL_DEBUG); } } @@ -216,7 +244,7 @@ class firewall_plugin { private function bastille_update($event_name, $data) { global $app, $conf; - $app->uses('system'); + $data = $this->placeholder($data); $tcp_ports = $this->clean_ports($data['new']['tcp_port'], ' '); $udp_ports = $this->clean_ports($data['new']['udp_port'], ' '); 
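Review bot: The second `array_unique()` call at the end of the rule-parsing block repeats `$tcp_ports_old_array`, so the UDP list read from `ufw status` is never de-duplicated; it should read `$udp_ports_old_array = array_unique($udp_ports_old_array);`. The parser above it also assumes that every rule line starting with a digit contains a `/proto` part: a line without one leaves `$temp[1]` undefined and files the whole status line under UDP, so I would skip lines where `isset($temp[1])` is false. Comparing against the literal `'Status: inactive'` presumably depends on the output language of ufw, which deserves a comment next to the check. The stray `;;` after `$udp_ports_old_array[] = $temp[0]` and the commented-out `$req_ports` block can be removed. ufw_update starts before and ends after this hunk.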
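Review bot: None of the `exec_safe()` calls in the enable/reload branch has its result checked, so `Starting the firewall` or `Reloading the firewall` is logged at debug level even when `ufw --force enable` or `ufw reload` failed. For a firewall plugin that is the case an operator most needs to see, so I would check the command result and log a failure at `LOGLEVEL_WARN`. A short comment at the `if($force_ufw)` branch, such as `// ufw was inactive before this update: enable it instead of reloading`, would explain why an unchanged `active` flag can still trigger an enable. The function body starts before this hunk.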
@@ -235,38 +263,33 @@ class firewall_plugin { if($data['new']['active'] == 'y') { //* ensure that ufw firewall is disabled in case both firewalls are installed if($app->system->is_installed('ufw')) { - exec('ufw disable'); + $app->system->exec_safe('ufw disable'); } - exec($conf['init_scripts'] . '/' . 'bastille-firewall restart 2>/dev/null'); - if(@is_file('/etc/debian_version')) exec('update-rc.d bastille-firewall defaults'); - if(@is_file('/sbin/insserv')) exec('insserv -d bastille-firewall'); + $app->system->exec_safe($conf['init_scripts'] . '/' . 'bastille-firewall restart 2>/dev/null'); + if(@is_file('/etc/debian_version')) $app->system->exec_safe('update-rc.d bastille-firewall defaults'); + if(@is_file('/sbin/insserv')) $app->system->exec_safe('insserv -d bastille-firewall'); $app->log('Restarting the firewall', LOGLEVEL_DEBUG); } else { - exec($conf['init_scripts'] . '/' . 'bastille-firewall stop 2>/dev/null'); - if(@is_file('/etc/debian_version')) exec('update-rc.d -f bastille-firewall remove'); - if(@is_file('/sbin/insserv')) exec('insserv -r -f bastille-firewall'); + $app->system->exec_safe($conf['init_scripts'] . '/' . 'bastille-firewall stop 2>/dev/null'); + if(@is_file('/etc/debian_version')) $app->system->exec_safe('update-rc.d -f bastille-firewall remove'); + if(@is_file('/sbin/insserv')) $app->system->exec_safe('insserv -r -f bastille-firewall'); $app->log('Stopping the firewall', LOGLEVEL_DEBUG); } - - } private function bastille_delete($event_name, $data) { global $app, $conf; - exec($conf['init_scripts'] . '/' . 'bastille-firewall stop 2>/dev/null'); - if(@is_file('/etc/debian_version')) exec('update-rc.d -f bastille-firewall remove'); - if(@is_file('/sbin/insserv')) exec('insserv -r -f bastille-firewall'); + if(@is_file($conf['init_scripts'] . '/' . 'bastille-firewall')) $app->system->exec_safe($conf['init_scripts'] . '/' . 
'bastille-firewall stop 2>/dev/null'); + if(@is_file('/etc/debian_version')) $app->system->exec_safe('update-rc.d -f bastille-firewall remove'); + if(@is_file('/sbin/insserv')) $app->system->exec_safe('insserv -r -f bastille-firewall'); $app->log('Stopping the firewall', LOGLEVEL_DEBUG); - } - - private function clean_ports($portlist, $spacer) { + private function clean_ports($portlist, $seperator) { $ports = explode(',', $portlist); $ports_out = ''; - if(is_array($ports)) { foreach($ports as $p) { $p_clean = ''; 
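Review bot: The `is_file()` guard on the bastille-firewall init script is added in bastille_delete (and in ufw_update) but not on the `restart` and `stop` calls in bastille_update, so those two still run a path that may not exist and hide the error behind `2>/dev/null`. Prefixing both with the same `if(@is_file($conf['init_scripts'] . '/' . 'bastille-firewall'))` test keeps the three call sites consistent. The renamed parameter is spelled `$seperator`; `$separator` is the correct spelling, and the rename would have to be applied in the next hunk as well. clean_ports continues past the end of this hunk.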
@@ -283,14 +306,80 @@ class firewall_plugin { $p_clean = $tmp; } } - if($p_clean != '') $ports_out .= $p_clean . $spacer; + if($p_clean != '') $ports_out .= $p_clean . $seperator; + + } + } + return substr($ports_out, 0, strlen($seperator)*-1); + } + private function auto_ports($records, $type, $server) { + global $app, $conf; + + $ports = array(); + if($type == 'tcp') { + if($conf['server_id'] == 1) { + $check = $app->db->queryOneRecord('SELECT count(server_id) as c FROM server')['c']; + if($check > 1) $records['ISPCONFIG'][] = 3306; + $ports[] = implode(',', $records['ISPCONFIG']); + } + if($server['mail_server'] == 1) { + $ports[] = implode(',', $records['MAIL']); + // check for rspamd + $app->uses('getconf,system,functions'); + $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail'); + if($mail_config['content_filter'] == 'rspamd') { + $ports[] = implode(',', $records['RSPAMD']); + } + } + if($server['dns_server'] == 1) $ports[] = implode(',', $records['DNS']); + if($server['web_server'] == 1) { + $ports[] = implode(',', $records['FTP']); + $ports[] = implode(',', $records['WEB']); + } + if($server['db_server'] == 1) { + $tmp = $app->db->queryOneRecord("SELECT count(server_id) as number from web_database where active = 'y' AND remote_access = 'y' AND server_id = ?", $conf['server_id']); + if($tmp['number'] > 0) $ports[] = 3306; } + } elseif($type == 'udp') { + if($server['dns_server'] == 1) $ports[] = implode(',', $records['DNS']); } - return substr($ports_out, 0, strlen($spacer)*-1); + + return(implode(',', $ports)); } + private function placeholder($data) { + global $app, $conf; + + $temp = $app->db->queryOneRecord('SELECT firewall_placeholder FROM server WHERE server_id = ?', $conf['server_id']); + $records = json_decode($temp['firewall_placeholder'], true); + foreach($records as $idx=>$val) $placeholders['{'.$idx.'}'] = $val; + $_replace = array(); + foreach($placeholders as $placeholder => $ports) { + $_search[] = $placeholder; + 
$_replace[] = implode(',', $ports); + } + $server = $app->db->queryOneRecord('SELECT * FROM server WHERE server_id = ?', $conf['server_id']); + if($data['new']['tcp_port'] != '' || $data['old']['tcp_port'] != '') { + $search = $_search; + $replace = $_replace; + $search[] = '{AUTO}'; + $replace[] = $this->auto_ports($records, 'tcp', $server); + $data['new']['tcp_port'] = str_replace($search, $replace, $data['new']['tcp_port']); + $data['old']['tcp_port'] = str_replace($search, $replace, $data['old']['tcp_port']); + } + if($data['new']['udp_port'] != '' || $data['old']['udp_port'] != '') { + $search = $_search; + $replace = $_replace; + $search[] = '{AUTO}'; + $replace[] = $this->auto_ports($records, 'udp', $server); + $data['new']['udp_port'] = str_replace($search, $replace, $data['new']['udp_port']); + $data['old']['udp_port'] = str_replace($search, $replace, $data['old']['udp_port']); + } + + return $data; + } } // end class
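Review bot: placeholder() uses the result of `json_decode()` without checking it, and `$placeholders` and `$_search` are never initialised. If the `firewall_placeholder` column of the server row is empty or holds invalid JSON (whether existing rows get a default on upgrade is not visible here), `$records` is null, both `foreach` loops run on null, and auto_ports() hands null entries to `implode()`. The expanded strings feed the port lists that the unchanged part of ufw_update turns into firewall rules, so I would validate the decoded structure before substituting and log when it is unusable. The sketch below replaces the first half of placeholder(); lookups in auto_ports() such as `$records['RSPAMD']` need the same `is_array()` check.

```php
private function placeholder($data) {
	global $app, $conf;

	$temp = $app->db->queryOneRecord('SELECT firewall_placeholder FROM server WHERE server_id = ?', $conf['server_id']);
	$records = is_array($temp) ? json_decode((string)$temp['firewall_placeholder'], true) : null;
	if(!is_array($records)) {
		// Nothing usable stored for this server: leave the port lists as entered.
		$app->log('firewall_placeholder is empty or not valid JSON, placeholders are not expanded', LOGLEVEL_WARN);
		return $data;
	}
	$_search = array();
	$_replace = array();
	foreach($records as $idx => $ports) {
		if(!is_array($ports)) continue;
		$_search[] = '{'.$idx.'}';
		$_replace[] = implode(',', $ports);
	}
	// … unchanged: server lookup, {AUTO} handling and str_replace() on tcp_port / udp_port …
```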