Control Web Panel
Security => CSF Firewall => Topic started by: ereo on October 02, 2014, 05:37:26 AM
-
Hi
I'm new to CWP. After installing CWP everything seems good, except the firewall: I enabled the firewall, but after going back to the dashboard the status still shows "OFF".
-
When you enable the firewall, what kind of message do you get?
-
Hey!
My CWP CSF firewall is not working well and sends this error when I activate it:
csf and lfd are not disabled!
and when I restart it:
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
csf: FASTSTART loading DROP no logging (IPv4)
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *TCP_OUT Blocked* '
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DENYOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
DENYIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
ALLOWOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
ALLOWIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
csf: FASTSTART loading Packet Filter (IPv4)
Error: FASTTART: (Packet Filter IPv4) [] [iptables-restore: line 14 failed]. Try restarting csf with FASTSTART disabled, at line 4291
My CentOS version is CentOS release 6.6 (Final) and the kernel version is 2.6.32-34-pve / i686 [openvz]
What is the problem with this system? How do I fix that... :o
-
This problem is solved only by installing the following:
vzctl set 101 --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
and rebooting the OpenVZ container
-
Important: if you are using CentOS 7, you need to disable the default firewalld (shipped with CentOS 7)
systemctl disable firewalld
systemctl stop firewalld
Then just disable csf
csf -x
And then re-enable it in CWP (in the browser)
-
MikaR, thank you.
I turned it on, but every day I have to do this procedure. The firewall on the panel is disabled.
What could be the problem? Maybe it's because I installed a firewall in CentOS? Later, I stopped and turned it off...
-
Important: if you are using CentOS 7, you need to disable the default firewalld (shipped with CentOS 7)
systemctl disable firewalld
systemctl stop firewalld
Then just disable csf
csf -x
And then re-enable it in CWP (in the browser)
Thank you. This helped me.
-
Important: if you are using CentOS 7, you need to disable the default firewalld (shipped with CentOS 7)
systemctl disable firewalld
systemctl stop firewalld
Then just disable csf
csf -x
And then re-enable it in CWP (in the browser)
This helped me as well. Thank you.
-
[root@148 ~]# systemctl disable firewalld
Unit /etc/systemd/system/firewalld.service is masked, ignoring.
[root@148 ~]# systemctl stop firewalld
[root@148 ~]# csf -x
*Error* The path to iptables is either not set or incorrect for IPTABLES [/sbin/ iptables] in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/URLGet.pm line 26.
Compilation failed in require at /usr/sbin/csf line 21.
BEGIN failed--compilation aborted at /usr/sbin/csf line 21.
[root@148 ~]#
Hi guys, how do we fix this? This is a fresh install of CWP with AlmaLinux 8.
Thanks
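For the IPTABLES path error in the post above, a check of the binary paths set in /etc/csf/csf.conf. This is an added example, not part of the original thread and not ConfigServer's code; it assumes csf.conf uses KEY = "value" lines, and the function names csf_conf_value and csf_check_bin are hypothetical.

```shell
#!/bin/sh
# Added example: report whether the binary path that csf.conf sets for a key
# (e.g. IPTABLES) exists and is executable. Assumes the KEY = "value" layout.
# Usage: csf_check_bin /etc/csf/csf.conf IPTABLES

# Print the quoted value assigned to KEY in CONF (last assignment wins).
csf_conf_value() {
    conf=$1 key=$2
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$conf" | tail -n 1
}

# Return 0 if the path is usable, 1 if the key is not set,
# 2 if the path is missing or not executable, 3 if the value contains a space.
csf_check_bin() {
    conf=$1 key=$2
    path=$(csf_conf_value "$conf" "$key")
    if [ -z "$path" ]; then
        echo "$key: not set in $conf"
        return 1
    fi
    case $path in
        *" "*) echo "$key: value '$path' contains a space"; return 3 ;;
    esac
    if [ -x "$path" ] && [ ! -d "$path" ]; then
        echo "$key: $path ok"
        return 0
    fi
    # Show where the tool actually lives, if it is installed at all.
    found=$(command -v "$(basename "$path")" 2>/dev/null || true)
    echo "$key: $path missing or not executable (found on PATH: ${found:-none})"
    return 2
}
```

A result of 2 with "found on PATH: none" means the binary is not installed at all, rather than csf.conf pointing at the wrong location.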
-
What OS are you trying to run within OpenVZ?
OpenVZ was outdated a while ago, and openvz.org doesn't even open for me.
Even their repo redirects to https://bitbucket.org/openvz/workspace/repositories/ now.
Maybe try something newer like Proxmox with an AlmaLinux 8 or 9 environment for your testing.