Control Web Panel

WebPanel => CentOS-WebPanel GUI => Topic started by: yeknafar on July 26, 2018, 07:18:15 PM

Title: Another app is currently holding the xtables lock
Post by: yeknafar on July 26, 2018, 07:18:15 PM

Hello

I wanted to config IPtable.
I set the rule in /etc/sysctl.conf
I added this rule too iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP


As was said in :
https://javapipe.com/ddos/blog/iptables-ddos-protection/


I did this too:


iptables -P INPUT DROP
iptables -P FORWARD DROP

but now when I want to login to CWP it takes a about 3 minutes to let me in/
I think the problem is with the rule:
I want to detelet it but it says :

Another app is currently holding the xtables lock. Perhaps you want to use the -w option?

I think it doesnot stop.
When I use #service iptables stop
The output is:
Redirecting to /bin/systemctl stop iptables.service

Does it means Iptables has stoped?
After that I can not enter the CWP quicker.
I think Iptables was not installed. I used yum and installed it. maybe it caused the problem..


How can I solve it

Thanks
Title: Re: Another app is currently holding the xtables lock
Post by: studio4host on July 27, 2018, 11:46:15 AM
you should use CSF to manage your firewall rules

this command will show you most of the active rules
iptables -L 

anyway, you shouldn't configure anything on the firewall if you don't know what you need to block as this can cause additional issues and server can be even slower during the ddos/dos attack.