Author Topic: My firewall is off and i can't turn it on  (Read 264 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
My firewall is off and i can't turn it on
« on: July 24, 2020, 07:18:55 PM »
Hi guys,
I noticed that my firewall was off and so I tried to turn it on but it wouldn't. I then tried to restart the services and still it is off and then I tried to force the restart of services and still it is set to off.
I did get a message saying
Quote
[root@server ~]# csf -e
csf and lfd are not disabled!
and that is a bit puzzling as the firewall is actually off.
I have (although I really didn't want to) rebooted the server and still the firewall is off.
Any help with this is much appreciated.

Offline
**
« Last Edit: July 25, 2020, 10:42:36 AM by cynique »

Offline
*
Re: My firewall is off and i can't turn it on
« Reply #2 on: July 26, 2020, 06:29:18 PM »
Thanks for the reply cynique
I did already have the testing set to zero and firewalld was also disabled.
I have since fixed this but never actually gotten to the real reason for the problem. From what I could see the issue stems from country ip blocking, but in the end I was forced to reinstall CSF and reboot the server as forcing the services to restart wouldn't work.

Offline
**
Re: My firewall is off and i can't turn it on
« Reply #3 on: July 26, 2020, 06:43:50 PM »
If you have a dynamic IP address at your client machine (home PC/laptop) then sign up for a dynamic IP service (ex. no-ip.org). Add this new FQDN to /etc/csf/csf.dyndns. Then set CSF DYNDNS_IGNORE=1 and DYNDNS_INTERVAL=600 - you'll not get locked out again.

A reboot is normal, when (re)installing a firewall due to the low-level interaction with the kernel and iptables.

Offline
*
Re: My firewall is off and i can't turn it on
« Reply #4 on: July 26, 2020, 07:49:29 PM »
If you have a dynamic IP address at your client machine (home PC/laptop) then sign up for a dynamic IP service (ex. no-ip.org). Add this new FQDN to /etc/csf/csf.dyndns. Then set CSF DYNDNS_IGNORE=1 and DYNDNS_INTERVAL=600 - you'll not get locked out again.

A reboot is normal, when (re)installing a firewall due to the low-level interaction with the kernel and iptables.

I have static ip's but that is good advise for others should they have dynamic ip's. I never got locked out of the firewall as I added the static ip's of my locations to the list. CSF was just being a bit stubborn ;)