I flushed iptables with iptables --flush (don't do this if you don't know what it does!). Then I rebooted my system (Ubuntu 16.04). CSF started as expected, but I noticed the flushed/nonexistent firewall rules were still there after the reboot. I had to issue a csf -s in order to get my iptables rules reinstated. I was a little surprised by that, since I assumed that at boot, csf would start...
I am using CSF on my cPanel server. I want to disable ICMP Timestamp Response, as Trustwave is failing the PCI DSS scan due to this. How do I achieve this via CSF? I disabled incoming ICMP, but that has not solved this issue. Below is the description given by Trustwave about this:
---
The ICMP protocol is used to support many administrative and maintenance messages on an IP network (the most...
Just a note that I ran into a problem where certain cluster members were not responding. I double-checked their configurations and everything looked good. Restarting LFD wouldn't fix anything. When I ran csf --cping from the master node, two of them reported no reply, even though when I looked at their logs you could see lfd : Cluster member (CA/Canada/ ) said PING!
I've been managing CSF as a plug-in in cPanel WHM. If cPanel expires, how do I continue to access the CSF Web Interface? Are there any changes I need to make to the config?
After updating CSF to v7.0.3, I get an error in DirectAdmin Control Panel/CSF: Permission denied.
Reinstall of CSF is the simple solution, but not the best.
Is there a good solution? Changing file or folder permissions for example?
Reinstalling the firewall gives an opportunity for hacking, because:
1. No firewall is not good at all.
2. There is a few minutes' time to hack your server. (FAST_START solves...
I have a client who has some mysterious old e-mail reference somewhere on their devices or on my server that is continuously looking for mail and being denied access, and they keep getting blocked whenever their IP address changes as they travel.
Is it possible to configure CSF to ignore any time mysteryaddress@domain.com tries to connect for mail from any ip?
I've just set up a new server and configured an HE IPv6 tunnel, and all outbound traffic is being blocked by CSF, even though I have all ports allowed on outbound.
# Allow outgoing TCP ports
TCP6_OUT = 0:65535
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP6_OUT = 0:65535
I've added the tunnel server IPv4 address to csf.allow and can ping other IPv6...
Hello, We have been recently getting alerts for 0.0.0.0 (-/-/-) blocked with too many connections. This appears to be triggered by our CT_LIMIT=500 setting. suggests 0.0.0.0 is a meta IP for all system IP addresses, however, why would CSF block its own system's IP addresses? The concern is should this be blocked and is there any adverse effect? Is there any action we should take?
I found that one entry in csf.blocklists (RBN) returns a 404 and I figured I'd disable the list. I even found some alternative rules by emerging threats.
The problem is that whenever I edit csf.blocklists, either using the WHM interface or via SSH, it seems to work at first and then after some time it just resets again. I can't comment out the line either.
One of our customers is having issues with a remote MX, so my plan was to block it on CSF, but every once in a while it gets cleared out due to the IP limit of the deny table.
How can I block that IP forever?
Also, is there a way to block domains using dyndns instead of just allowing them thru?
We're trying to build a CentOS Gateway for our cloud host server. This is actually easier than I first thought with iptables using the following command to set up NAT masquerading:
/sbin/iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
Having already set up IP Forwarding, this command pretty much allows the guests to use the CentOS Gateway to connect to the Internet...
Anyone else seeing a dramatic increase in FTP attacks on their servers from RU, KZ, UA, BR and BY over the past 24 hours? Typically the firewall blocks 4-5 IPs a day. In the past 24 hours it has thrown permanent blocks up over 800 different IPs from these countries on various servers I run.
Got to the point that I just ended up blocking the CCs.
I have CC_DENY = a few countries which are notorious for malicious traffic. However, I have clients who deal in these countries and their mail is interrupted by these rules. I have been manually adding the mailserver IPs, however, is there a working solution for allowing SMTP traffic through these rules?
Thanks
Hi,
One of my servers suffered a network blow dealt by a datacenter problem. Crashed several database tables, other assorted things.
In the WHM area when I click on the CSF link in the bottom left instead of the full interface I just get the icon and the header image in the right pane.
The firewall is working, I know because I blocked myself and had to log in to one of my other servers and flush...
I am trying to build a new Debian 8 (Jessie) Apache2 server for a project. I would like to secure the server as much as possible to keep the risk level to a minimum. So far, I was able to install everything after several days of trial and error. Right now, I am at the security level of my project and ran into some difficulties getting the firewall to allow access to a few key...