Author Topic: License cwp bought, problem with csf  (Read 169 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
License cwp bought, problem with csf
« on: August 06, 2017, 09:47:14 AM »
I bought a cwp license.

I installed on my VPS, and I have a problem with csf.

When I activate csf I get this error message:

Quote
Status: You have an unresolved error when starting csf:
Error: FASTSTART: (Packet Filter IPv4) [] [iptables-restore: line 14 failed]. Try restarting csf with FASTSTART disabled, at line 5083 in /usr/sbin/csf

You need to restart csf successfully to remove this warning, or delete /etc/csf/csf.error

Enable firewall
[root@server ~]# csf -e
csf and lfd are not disabled!

I put:

Quote
FASTSTART = "0"

I activate csf, and I have this error message:

Quote
Running /usr/local/csf/bin/csfpost.sh
*ERROR* line:[1663]
Command:[/sbin/iptables  -v -A INVALID -m state --state INVALID -j INVDROP]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[1672]
Command:[/sbin/iptables  -v -A INVALID -p tcp ! --syn -m state --state NEW -j INVDROP]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2680]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -m state --state ESTABLISHED,RELATED -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2681]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -m state --state ESTABLISHED,RELATED -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 20 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 21 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 22 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 25 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 53 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 80 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 110 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 143 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 443 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 465 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 587 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 993 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 995 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 2030 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 2031 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 30000:50000 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 2082 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 2083 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 2086 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 2087 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 2095 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 2096 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2732]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p tcp -m state --state NEW --dport 8408 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 20 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 21 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 22 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 25 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 53 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 80 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 110 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 113 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 443 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 2030 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 2031 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 30000:50000 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 2082 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 2083 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 2086 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 2087 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 2095 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 2096 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 587 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 993 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 995 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2754]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p tcp -m state --state NEW --dport 8408 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2776]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p udp -m state --state NEW --dport 20 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2776]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p udp -m state --state NEW --dport 21 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2776]
Command:[/sbin/iptables  -v -A INPUT ! -i lo -p udp -m state --state NEW --dport 53 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2798]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p udp -m state --state NEW --dport 20 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2798]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p udp -m state --state NEW --dport 21 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2798]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p udp -m state --state NEW --dport 53 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2798]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p udp -m state --state NEW --dport 113 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

*ERROR* line:[2798]
Command:[/sbin/iptables  -v -A OUTPUT ! -o lo -p udp -m state --state NEW --dport 123 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully


*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.

I do not understand where the problem comes from.

Thank you for your help

Offline
*****
Re: License cwp bought, problem with csf
« Reply #1 on: August 07, 2017, 10:00:18 AM »
Hi,

you have to ask your VPS provider to enable iptables for you.
I guess you use OpenVZ VPS and iptables support is disabled by the provider.