Control Web Panel
Security => CSF Firewall => Topic started by: Reality on September 12, 2024, 05:39:17 PM
-
Hello!
I am a lamer in Linux systems, so I use the CWP panel.
The system has AlmaLinux 9 and the CWP panel installed, and I needed a VPN. I installed WireGuard with a script from weejewel/wg-easy (https://github.com/wg-easy/wg-easy/tree/master).
I used the following commands to run:
docker run -d --name=wg-easy -e WG_HOST=MY_IP -e UI_TRAFFIC_STATS=true -e WG_DEFAULT_DNS=8.8.8.8 -e PASSWORD=MY_PASS -v ~/.wg-easy:/etc/wireguard -p 51820:51820/udp -p 51821:51821/tcp --cap-add=NET_ADMIN --cap-add=SYS_MODULE --cap-add=NET_RAW --sysctl="net.ipv4.conf.all.src_valid_mark=1" --sysctl="net.ipv4.ip_forward=1" --restart unless-stopped weejewel/wg-easy
Everything starts and works fine, but as soon as I turn on Firewall, the service immediately becomes unavailable, I turn off Firewall, it works again.
In the config "/etc/csf/csf.conf" I entered the ports in "TCP_IN, TCP_OUT =51821" and in "UDP_IN, UDP_OUT=51820". Restarted Firewall. Doesn't help. I don't understand what I did wrong.
Maybe someone can help with advice?
Thanks in advance and sorry for my bad English.
-
Check the log file:
/var/log/messages
for the messages marked as "Firewall" and your WAN IP address (IP address you try to establish connection from) to identify the problem.
-
> Check the log file:
> /var/log/messages
> for the messages marked as "Firewall" and your WAN IP address (IP address you try to establish connection from) to identify the problem.
Launched Firewall; the log shows that it has started. Then it blocks all sorts of IPs that are climbing, but my WAN IP is not there. I tried to connect many times and from different devices.
-
Are you not still allowing the CWP ports in CSF? You need at least 22, 2031, 2083, (and usually) 2087 open to be able to access your server.
-
> Are you not still allowing the CWP ports in CSF? You need at least 22, 2031, 2083, (and usually) 2087 open to be able to access your server.
(https://i.imgur.com/KWCzLIb.png)
I have access to server. After turning on Firewall, it continues to provide access only to Wireguard. For example, I have the ZNC service running, and I have no problem accessing it.
-
I haven't used WireGuard (by weejewel/wg-easy) personally, so I don't know how it works exactly, but when I checked the page:
https://github.com/wg-easy/wg-easy/tree/master?tab=readme-ov-file
I found the script uses Docker to run the VPN. Therefore I recommend you check the section "Docker Settings" of the file:
/etc/csf/csf.conf
and make sure it is configured accordingly.
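The two things the thread turns on are whether the container's listening ports are in the inbound lists (the first post only mentions adding them to TCP_OUT/UDP_OUT alongside the _IN lists, and a wrongly placed entry is easy to miss) and whether CSF's Docker support is enabled. The following POSIX sh script is an added example, not something from the thread, CWP or the CSF project: it checks a csf.conf-style text for the port numbers from the docker run command above (51820/udp and 51821/tcp) and for the DOCKER key. The sample configurations are constructed; that CSF's Docker section uses keys named DOCKER and DOCKER_DEVICE is an assumption to confirm against your own /etc/csf/csf.conf.

```shell
#!/bin/sh
# Added example (not part of the thread): sanity-check a csf.conf for what a
# Dockerised wg-easy needs from CSF: its ports in the inbound lists and
# CSF's Docker support switched on. The DOCKER/DOCKER_DEVICE key names are
# an assumption; compare with the "Docker Settings" section of your file.

WG_UDP_PORT=51820   # WireGuard tunnel (UDP), from the docker run command
WG_UI_PORT=51821    # wg-easy web UI (TCP), from the docker run command

# Constructed sample resembling the state the first post describes:
# the ports ended up only in the *_OUT lists and Docker support is off.
SAMPLE_BEFORE='TCP_IN = "22,80,443,2031,2083,2087"
TCP_OUT = "22,80,443,51821"
UDP_IN = "53"
UDP_OUT = "53,123,51820"
DOCKER = "0"
DOCKER_DEVICE = "docker0"'

# The same constructed sample with the inbound ports added and DOCKER on.
SAMPLE_AFTER='TCP_IN = "22,80,443,2031,2083,2087,51821"
TCP_OUT = "22,80,443,51821"
UDP_IN = "53,51820"
UDP_OUT = "53,123,51820"
DOCKER = "1"
DOCKER_DEVICE = "docker0"'

# csf_value CONF KEY -> prints the quoted value of `KEY = "..."` (empty if absent)
csf_value() {
    printf '%s\n' "$1" | sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# port_listed LIST PORT -> true if PORT is one comma-separated element of LIST
port_listed() {
    printf ',%s,' "$1" | grep -q ",$2,"
}

# check_conf CONF -> prints one line per problem found; prints nothing if OK
check_conf() {
    conf=$1
    port_listed "$(csf_value "$conf" TCP_IN)" "$WG_UI_PORT" \
        || echo "TCP_IN lacks $WG_UI_PORT (wg-easy web UI unreachable through CSF)"
    port_listed "$(csf_value "$conf" UDP_IN)" "$WG_UDP_PORT" \
        || echo "UDP_IN lacks $WG_UDP_PORT (WireGuard handshakes dropped by CSF)"
    [ "$(csf_value "$conf" DOCKER)" = "1" ] \
        || echo "DOCKER is not \"1\" (CSF will not preserve Docker's NAT/forward rules)"
}

# problem_count CONF -> number of problems, printed on stdout (always exits 0)
problem_count() {
    check_conf "$1" | grep -c . || true
}

# check_file PATH -> run the same checks against a real file,
# e.g. check_file /etc/csf/csf.conf (then `csf -r` after editing)
check_file() {
    check_conf "$(cat "$1")"
}

echo "Before:"; check_conf "$SAMPLE_BEFORE"
echo "After:";  check_conf "$SAMPLE_AFTER"
```

The *_OUT lists only matter for connections the server initiates, so a port that appears there but not in TCP_IN/UDP_IN does nothing for inbound VPN clients; after correcting csf.conf, restart CSF so the new rules are loaded, and re-check /var/log/messages for "Firewall" entries carrying your WAN IP as the earlier replies suggest.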