Control Web Panel
Security => CSF Firewall => Topic started by: Steff on July 24, 2020, 07:18:55 PM
-
Hi guys,
I noticed that my firewall was off and so I tried to turn it on but it wouldn't. I then tried to restart the services and still it is off and then I tried to force the restart of services and still it is set to off.
I did get a message saying [root@server ~]# csf -e
csf and lfd are not disabled!
and that is a bit puzzling as the firewall is actually off.
I have (although I really didn't want to) rebooted the server and still the firewall is off.
Any help with this is much appreciated.
-
TESTING=0
Spoon-feeding:
https://www.vpsserver.com/community/tutorials/11/install-and-configure-csf-configserver-firewall-on-centos7-64bit/
https://download.configserver.com/csf/readme.txt
-
Thanks for the reply cynique
I did already have the testing set to zero and firewalld was also disabled.
I have since fixed this but never actually gotten to the real reason for the problem. From what I could see the issue stems from country ip blocking, but in the end I was forced to reinstall CSF and reboot the server as forcing the services to restart wouldn't work.
-
If you have a dynamic IP address at your client machine (home PC/laptop) then sign up for a dynamic IP service (ex. no-ip.org). Add this new FQDN to /etc/csf/csf.dyndns. Then set CSF DYNDNS_IGNORE=1 and DYNDNS_INTERVAL=600 - you'll not get locked out again.
A reboot is normal, when (re)installing a firewall due to the low-level interaction with the kernel and iptables.
-
If you have a dynamic IP address at your client machine (home PC/laptop) then sign up for a dynamic IP service (ex. no-ip.org). Add this new FQDN to /etc/csf/csf.dyndns. Then set CSF DYNDNS_IGNORE=1 and DYNDNS_INTERVAL=600 - you'll not get locked out again.
A reboot is normal, when (re)installing a firewall due to the low-level interaction with the kernel and iptables.
I have static ip's but that is good advise for others should they have dynamic ip's. I never got locked out of the firewall as I added the static ip's of my locations to the list. CSF was just being a bit stubborn ;)
-
did you solve it? mine does not start
-
I already solved it, mine was due to Mod_Security, the firewall blocked