Control Web Panel
Security => CSF Firewall => Topic started by: Namaste on September 23, 2020, 12:20:02 PM
-
I logged into admin okay but noticed that the dashboard said CSF not enabled. I clicked to enable and got a message that said CSF is not disabled. In the meantime, dashboard advised new update available. I updated from 1008 to 1009. Now login requires 5 minutes to get in.
ALSO csf is not working properly. I cannot do csf -x or -r or -f. Nothing happens.
Results from perl test of csf
Testing ip_tables/iptable_filter...FAILED [FATAL Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for csf to function
Testing ipt_LOG...FAILED [FATAL Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for csf to function
Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for csf to function
Testing ipt_REJECT...FAILED [FATAL Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for csf to function
Testing ipt_state/xt_state...FAILED [FATAL Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for csf to function
Testing ipt_limit/xt_limit...FAILED [FATAL Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for csf to function
Testing ipt_recent...FAILED [Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit...FAILED [Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...FAILED [Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for csf.redirect feature
RESULT: csf will not function on this server due to FATAL errors from missing modules [6]
-
I'll take a wild guess here: you didn't install a clean version of the OS from a CentOS minimal ISO (instead using a hosting provider template) and left firewalld installed/running.
Though could be something entirely different, of course.
-
This is an older install, January 2020. firewalld not running.
-
csf.service - ConfigServer Firewall & Security - csf
Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: disabled)
Active: active (exited) since Fri 2020-08-07 21:45:04 EDT; 1 months 16 days ago
Main PID: 778 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/csf.service
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
-
That status looks OK.
'dmesg' should show it blocking the usual idiots scanning your server - might not be many if you're in a NAT environment.
At this stage 'csf -v', 'csf -f', 'csf -x' and 'csf -e' still don't work?
TESTING=0 ? (clutching at straws)
Try a forced/manual reinstall - refer to configserver website
-
I rebooted my linode node. That seemed to fix everything. CWP Dash now shows green again for firewall.
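-
Added example, not part of the original thread and not ConfigServer's code: a shell function that triages csf test output like the one quoted above. It separates FAILED lines caused by the xtables lock from any other failure, because when iptables cannot take the lock the module probes never run and the "missing modules" RESULT line is misleading. The function name, verdict labels and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify FAILED lines in csf test output.
# triage_csftest, the verdict labels and the sample below are hypothetical.

# Reads csf test output on stdin and prints one summary line:
#   failed=<n> fatal=<n> lock=<n> other=<n> verdict=<label>
triage_csftest() {
    awk '
        /^Testing .*FAILED/ {
            # FATAL marks modules csf cannot run without
            if ($0 ~ /FATAL/) fatal++
            # iptables never reached the module probe on these lines
            if ($0 ~ /holding the xtables lock/) lock++
            else other++
        }
        END {
            if (lock + other == 0) verdict = "ok"
            else if (other == 0)   verdict = "lock-contention"
            else if (lock == 0)    verdict = "check-modules"
            else                   verdict = "mixed"
            printf "failed=%d fatal=%d lock=%d other=%d verdict=%s\n",
                   lock + other, fatal, lock, other, verdict
        }
    '
}

# Constructed sample, modelled on the output quoted in the thread.
sample_output() {
cat <<'EOF'
Testing ip_tables/iptable_filter...FAILED [FATAL Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for csf to function
Testing ipt_LOG...OK
Testing ipt_recent...FAILED [Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for PORTFLOOD and PORTKNOCKING features
RESULT: csf will not function on this server due to FATAL errors from missing modules [1]
EOF
}

sample_output | triage_csftest
```

A "lock-contention" verdict says nothing about whether the kernel modules are present; the test has to be rerun once the lock is free.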