CSF 2.87 not blocking .deny at startup

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
Post Reply
cemper
Junior Member
Posts: 7
Joined: 10 Aug 2007, 16:46

CSF 2.87 not blocking .deny at startup

Post by cemper »

For some odd reason the new CSF 2.87 is not blocking the previously blocked IPs/ranges from the deny file

While it looks like it generates a lot of iptable rules, does do not have an effect

Furthermore it must be noted that a "quick deny" for an IP, doing an iptable statement still works... but that block is gone after CSF restart

a normal IPTABLES statement for blocking IP/ranges also works

Anyone else experiencing this? We actually had 2 production servers unsecure the last couple days and still don't know what's going on therer

HELP PLEASE!
Top
cemper
Junior Member
Posts: 7
Joined: 10 Aug 2007, 16:46

Post by cemper »

it appears this problem is related to the WHM plugin not correctly reading the csf.conf,
which means, while "monolithic_kernel" was set in WHM it wasnt reflected in csf.conf !?!:confused:
Top
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

The WHM plugin simply reads /etc/csf/csf.conf
Top
cemper
Junior Member
Posts: 7
Joined: 10 Aug 2007, 16:46

Post by cemper »

chirpy wrote:The WHM plugin simply reads /etc/csf/csf.conf
well, that's what it says and obviously that was the reason for 2 days of headaches.

the WHM plugin did not correctly UPDATE the csf.conf then,
so a couple settings were wrong for 2 days, rendering the firewall inactive....

we editied csf.conf by hand to cure this
Top
Post Reply

Return to “Report Bugs (csf)”