Control Web Panel

Security => CSF Firewall => Topic started by: ereo on October 02, 2014, 05:37:26 AM

Title: error on firewall
Post by: ereo on October 02, 2014, 05:37:26 AM
Hi
i'm new on CWP, after instalation CWp everything seems good but not with firewall, i'd enabling firewall but after back to dashboard still show on status "OFF"
Title: Re: error on firewall
Post by: Administrator on October 03, 2014, 09:56:05 PM
when you enable firewall  what kind of message do you get ?
Title: Re: error on firewall
Post by: MikaR on January 10, 2015, 02:04:39 PM
Hey!

my CMP - CSF FIREWALL  is not work good and send this error when a active then.


csf and lfd are not disabled!


and when a am restart that

Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
csf: FASTSTART loading DROP no logging (IPv4)
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *TCP_OUT Blocked* '
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *UDP_OUT Blocked* '
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0 
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0 
DENYOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0 
DENYIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0 
ALLOWOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0 
ALLOWIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0 
csf: FASTSTART loading Packet Filter (IPv4)
Error: FASTTART: (Packet Filter IPv4) [] [iptables-restore: line 14 failed]. Try restarting csf with FASTSTART disabled, at line 4291


My CentOS versio is CentOS release 6.6 (Final) and kernel versio is 2.6.32-34-pve / i686 [openvz]

What is prolems this system?? How fix tha...  :o
Title: Re: error on firewall
Post by: MikaR on January 10, 2015, 06:27:53 PM
This proplems is solvet only install next case

vzctl set 101 --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save

and reboot openvz container
Title: Re: error on firewall
Post by: locvfx on May 15, 2017, 04:25:29 PM
Important, if you are using centos 7 : you need to disable default firewalld (shipped with Centos 7)
Quote
systemctl disable firewalld
systemctl stop firewalld

Then, Just simply disable csf

Quote
csf -x

And then re-enable it in CWP (on browser)
Title: Re: error on firewall
Post by: 2x2 on January 15, 2020, 04:51:57 PM
MikaR thank you.
I turned it on, but every day I have to do this procedure. The firewall on the panel is disabled.
What could be the problem? Maybe it's because I installed a firewall in CentOS? Later, I stopped and turned it off...
Title: Re: error on firewall
Post by: anandmys on May 15, 2020, 04:01:14 AM
Important, if you are using centos 7 : you need to disable default firewalld (shipped with Centos 7)
Quote
systemctl disable firewalld
systemctl stop firewalld

Then, Just simply disable csf

Quote
csf -x

And then re-enable it in CWP (on browser)

Thank you. This helped me
Title: Re: error on firewall
Post by: imgrooot on June 17, 2023, 02:29:32 AM
Important, if you are using centos 7 : you need to disable default firewalld (shipped with Centos 7)
Quote
systemctl disable firewalld
systemctl stop firewalld

Then, Just simply disable csf

Quote
csf -x

And then re-enable it in CWP (on browser)

This helped me as well. Thank you