Control Web Panel

Security => CSF Firewall => Topic started by: Steff on July 24, 2020, 07:18:55 PM

Title: My firewall is off and i can't turn it on
Post by: Steff on July 24, 2020, 07:18:55 PM

Hi guys,
I noticed that my firewall was off and so I tried to turn it on but it wouldn't. I then tried to restart the services and still it is off and then I tried to force the restart of services and still it is set to off.
I did get a message saying

Quote

[root@server ~]# csf -e
csf and lfd are not disabled!

and that is a bit puzzling as the firewall is actually off.
I have (although I really didn't want to) rebooted the server and still the firewall is off.
Any help with this is much appreciated.

Title: Re: My firewall is off and i can't turn it on
Post by: cinique on July 25, 2020, 10:40:30 AM

TESTING=0

Spoon-feeding:
https://www.vpsserver.com/community/tutorials/11/install-and-configure-csf-configserver-firewall-on-centos7-64bit/
https://download.configserver.com/csf/readme.txt

Title: Re: My firewall is off and i can't turn it on
Post by: Steff on July 26, 2020, 06:29:18 PM

Thanks for the reply cynique
I did already have the testing set to zero and firewalld was also disabled.
I have since fixed this but never actually gotten to the real reason for the problem. From what I could see the issue stems from country ip blocking, but in the end I was forced to reinstall CSF and reboot the server as forcing the services to restart wouldn't work.

Title: Re: My firewall is off and i can't turn it on
Post by: cinique on July 26, 2020, 06:43:50 PM

If you have a dynamic IP address at your client machine (home PC/laptop) then sign up for a dynamic IP service (ex. no-ip.org). Add this new FQDN to /etc/csf/csf.dyndns. Then set CSF DYNDNS_IGNORE=1 and DYNDNS_INTERVAL=600 - you'll not get locked out again.

A reboot is normal, when (re)installing a firewall due to the low-level interaction with the kernel and iptables.

Title: Re: My firewall is off and i can't turn it on
Post by: Steff on July 26, 2020, 07:49:29 PM

Quote from: cynique on July 26, 2020, 06:43:50 PM

If you have a dynamic IP address at your client machine (home PC/laptop) then sign up for a dynamic IP service (ex. no-ip.org). Add this new FQDN to /etc/csf/csf.dyndns. Then set CSF DYNDNS_IGNORE=1 and DYNDNS_INTERVAL=600 - you'll not get locked out again.

A reboot is normal, when (re)installing a firewall due to the low-level interaction with the kernel and iptables.

I have static ip's but that is good advise for others should they have dynamic ip's. I never got locked out of the firewall as I added the static ip's of my locations to the list. CSF was just being a bit stubborn ;)

Title: Re: My firewall is off and i can't turn it on
Post by: CamposMansi on September 23, 2020, 09:15:40 PM

did you solve it? mine does not start

Title: Re: My firewall is off and i can't turn it on
Post by: CamposMansi on September 24, 2020, 05:59:59 AM

I already solved it, mine was due to Mod_Security, the firewall blocked