A VPS I admin recently needed to upgrade from a 2.4 series kernel to 3.12.27. It appears that csf/lfd are no longer working to do any iptables firewall filtering. When I try to add an address with csf -d, I get this error:
# csf -d xxx.xxx.xxx.xxx
Adding xxx.xxx.xxx.xxx to csf.deny and iptables DROP...
iptables v1.4.21: Couldn't load target `LOGDROPIN':No such file or directory
I have a CentOS 6.6 server, running OpenVZ with two nodes. The nodes are typical web servers, and my intention is to have inbound and outbound HTTP, HTTPS, and SSH open. To make this work, I've created a file under /etc/csf/csfpre.sh:
iptables -A INPUT -i venet0 -j ACCEPT
iptables -A OUTPUT -o venet0 -j ACCEPT
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
iptables -A FORWARD -j ACCEPT...
Only just noticed that CSF is blocking my FTP I use (FileZilla) and also a new program I'm looking to use (SyncBack). I can only log in through FTP if CSF is disabled.
I've put my needed rules in csfpost.sh, used the full path to /sbin/iptables-restore in my case, and I can verify that my rules are in place after I start `csf -r`
`iptables -t nat -L -v -n` tells me they are in.
My rules are:
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.3.5:80
-A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE
I have a small VPS that I run and am always looking at things I can do to make my system more secure as well as increase performance with my limited resources, two things that sometimes conflict. After a discussion the other day with a friend about blocklists, number of iptables rules and performance, I was curious about the number of IPs in the blocklists and decided to do a little analysis....
Hello, I am using a PHP application that sends emails by going through SMTP. The port it goes through to send emails is 587. I tried to send a test email but no luck. I contacted cPanel about this and they checked csf.conf and saw that it was whitelisted in both TCP_OUT and TCP_IN. They then stopped CSF and tested sending an email and it worked perfectly. They turned CSF back on and then came...
We have 127.0.0.1 in the ignore list and yet we are getting flooded with alert emails. We are running ASSP Deluxe which generates a lot of mail flow using that IP.
Could there be something that's keeping the ignore list from loading? Any guidance would be greatly appreciated.
Hello, I've been attempting to enable the SMTPAUTH_RESTRICT option on our cPanel server.
It appears to be working for port 25, but causing authentication failure with port 587.
Following the instructions in /etc/csf/readme, when I add:
auth_advertise_hosts = ${if match_ip{$sender_host_address}{iplsearch;/etc/exim.smtpauth}{*}{}}
Authentication attempts via port 587 respond with this warning:...
Have entered the dyndns information within csf in the /etc/csf/csf.dyndns file as required.
If I disable csf I have no issues in reaching my PBX that csf is installed on. Once I enable csf, all functions of csf work great except csf will not pass my no-ip FQDN (monkey.ddns.net) through to my PBX server.
Hi everyone!
I'm trying to call a simple script at the block_report option at csf.
In my configuration file I've got this:
# address block following for example a login failure. The following setting
# is to the full path of the external script which must be executable. See
# readme.txt for format details
#
# Leave this setting blank to disable
BLOCK_REPORT = /usr/local/bin/scripts/cban
We had an issue wherein a server couldn't reach the Plesk licensing server, even with port 5224 added to the egress rules. We had RU added to the CC_DENY config which was very clearly the cause (I found the blocked range in iptables). After removing RU from CC_DENY, all worked fine.
I had even tried inserting a rule into csf.allow which created the corresponding iptables rule...
Our server has been under repeated 'attacks' from overwhelming port flooding and syn flooding and http requests. Installed CSF last week and successfully blocked the syn attacks and was able to deny certain httpd IP addresses that caused most of the issues. All good.
This week - the attack resumed. This time it was more or less focused on httpd. And too many different IPs to effectively block....
I have a cPanel server with CSF installed. The problem that I am having is the firewall appears to be blocking users from accessing my website. I don't want to have to add their IPs to the whitelist each time. Can anyone explain what I am doing wrong? Maybe I have missed a config.
Lately I have been getting this error every day when my server reboots in the morning:
Error: The VPS iptables rule limit (numiptent) is too low (512/512) - stopping firewall to prevent iptables blocking all connections, at line 583 in /usr/sbin/csf
Most online references suggest that the solution to this problem is to get my VPS host to increase the numiptent value, which they will not do....
I've added a user to the csf.fignore file and restarted lfd, but the warnings keep coming:
Suspicious File Alert - /dev/shm/
Time: Mon Jun 1 08:10:26 2015 +0200
File: /dev/shm/.3675c
Reason: Suspicious directory
Owner: myuser:myuser (506:507)
Action: No action taken
This line was added to csf.fignore:
user:myuser
Why does the warning still keep coming for that user for a directory in /dev/shm?
The old csf.blocklist file contains the wrong URL of the Emerging Threats - Russian Business Networks List (and the new one doesn't contain that).
The new URL is:
I am trying to disable email alerts for any blocks that occur. I have disabled as many LF_*_ALERT or similar as I can find, including LF_EMAIL_ALERT = 0. I only want to leave open SSH Logins alerts.
BUT I am still getting emails like the following, and I cannot see any config setting to disable these, can someone help?
Time: Sat Jul 19 05:57:39 2014 +0100
IP: 1.0.201.185...
I modified the email template usertracking.txt to include load averages. A simple cut and paste from the appropriate section of loadalert.txt. The variables aren't replaced?
I get as an email:
lfd on {snip}: Excessive processes running under user {snip}
From: root@{snip}
To: root@{snip}
Time: Tue Mar 11 10:41:29 2014 -0500
Account: {snip}
Process Count: 32 (Not...