iptables syntax error

optize
Junior Member
Posts: 26
Joined: 10 May 2009, 18:28

iptables syntax error

Post by optize »

We run the same config on all of our servers; however, this one spits out an iptables error.


debug[820]: Command:/sbin/iptables -v --policy FORWARD DROP
debug[822]: Command:/sbin/ip6tables -v --policy INPUT   DROP
debug[823]: Command:/sbin/ip6tables -v --policy OUTPUT  DROP
debug[824]: Command:/sbin/ip6tables -v --policy FORWARD DROP
*ERROR* line:[1352]
Command:[/sbin/iptables -v -A DENYIN ! -i lo -p tcp --dport  -s 120.140.154.96 -j DROP]
Error:[iptables v1.4.7: invalid port/service `-s' specified]
You should check through the main output carefully

*ERROR* line:[1352]
Command:[/sbin/iptables -v -A DENYIN ! -i lo -p tcp --dport  -s 187.32.5.17 -j DROP]
Error:[iptables v1.4.7: invalid port/service `-s' specified]
You should check through the main output carefully

*ERROR* line:[1352]
Command:[/sbin/iptables -v -A DENYIN ! -i lo -p tcp --dport  -s 49.248.188.35 -j DROP]
Error:[iptables v1.4.7: invalid port/service `-s' specified]
You should check through the main output carefully

*ERROR* line:[1352]
Command:[/sbin/iptables -v -A DENYIN ! -i lo -p tcp --dport  -s 113.179.240.164 -j DROP]
Error:[iptables v1.4.7: invalid port/service `-s' specified]
You should check through the main output carefully
I grepped /etc/csf for those IPs, and they don't exist, so I'm not sure if it's one of the blacklists that added them, and if so, why it's not specifying the dest port. Running CSF v7.15.
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: iptables syntax error

Post by ForumAdmin »

From that line number, those are temporary denies. Unless they're already removed, what do you have in /var/lib/csf/csf.tempban?
optize
Junior Member
Posts: 26
Joined: 10 May 2009, 18:28

Re: iptables syntax error

Post by optize »

It seems they are temp bans, however I'm not sure why they aren't displaying the port.

1409063893|89.254.152.80|,26|in|1800|lfd - (smtpauth) Failed SMTP AUTH login from 89.254.152.80 (LV/Latvia/-): 5 in the last 300 secs

--

*ERROR* line:[1352]
Command:[/sbin/iptables -v -A DENYIN ! -i lo -p tcp --dport -s 89.254.152.80 -j DROP]
Error:[iptables v1.4.7: invalid port/service `-s' specified]
You should check through the main output carefully
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: iptables syntax error

Post by ForumAdmin »

What do you have as a value for PORTS_smtpauth in /etc/csf/csf.conf?
optize
Junior Member
Posts: 26
Joined: 10 May 2009, 18:28

Re: iptables syntax error

Post by optize »

Don't have that in csf.conf.

# grep smtpauth -i /etc/csf/csf.conf
LF_SMTPAUTH = "5"
LF_SMTPAUTH_PERM = "1800"
# Tracking applies to LF_SSHD, LF_FTPD, LF_SMTPAUTH, LF_POP3D, LF_IMAPD,
SMTPAUTH_LOG = "/var/log/exim_mainlog"
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: iptables syntax error

Post by ForumAdmin »

That will be why it is failing then: you have an incomplete csf.conf file. There should be a list of port definitions at the bottom of csf.conf, e.g.:


# The following are comma separated lists used if LF_SELECT is enabled,
# otherwise they are not used. They are derived from the application returned
# from a regex match in /usr/local/csf/bin/regex.pm
PORTS_pop3d = "110,995"
PORTS_imapd = "143,993"
PORTS_htpasswd = "80,443"
PORTS_mod_security = "80,443"
PORTS_mod_qos = "80,443"
PORTS_symlink = "80,443"
PORTS_suhosin = "80,443"
PORTS_cxs = "80,443"
PORTS_bind = "53"
PORTS_ftpd = "20,21"
PORTS_webmin = "10000"
PORTS_cpanel = "2077,2078,2082,2083,2086,2087,2095,2096"
# This list is extended, if present, by the ports defined by
# /etc/chkservd/exim-*
PORTS_smtpauth = "25,465,587"
PORTS_eximsyntax = "25,465,587"
# This list is replaced, if present, by "Port" definitions in
# /etc/ssh/sshd_config
PORTS_sshd = "22"
Doing a forced update of csf should generate a corrected csf.conf:


csf -uf
optize
Junior Member
Posts: 26
Joined: 10 May 2009, 18:28

Re: iptables syntax error

Post by optize »

Got an updated config, still has a syntax error during run.
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: iptables syntax error

Post by ForumAdmin »

You will have to remove the corrupt entry you now have in /var/lib/csf/csf.tempban due to the incomplete csf.conf and then restart csf and then lfd.
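The two failure points in this thread (a PORTS_smtpauth definition missing from csf.conf, and the resulting csf.tempban entry whose ports field is ",26" so lfd builds an iptables command with an empty --dport) can be checked for before restarting. The following is an added example, not CSF's own code; the csf.conf fragment and tempban lines are constructed samples using documentation addresses, and the list of required PORTS_ apps is an assumption taken from the definitions quoted above.

```python
import re

# Constructed csf.conf fragment: PORTS_smtpauth is deliberately absent to
# reproduce the incomplete-config condition described in the thread.
CSF_CONF_INCOMPLETE = """
LF_SMTPAUTH = "5"
PORTS_sshd = "22"
PORTS_ftpd = "20,21"
"""

# Constructed csf.tempban sample. Fields: time|ip|ports|direction|ttl|message.
# The second entry carries the ",26" ports field seen in the thread: an empty
# port from the missing PORTS_smtpauth, plus 26 appended from chkservd.
CSF_TEMPBAN = """\
1409063000|203.0.113.7|22|in|1800|lfd - (sshd) Failed SSH login from 203.0.113.7
1409063893|198.51.100.80|,26|in|1800|lfd - (smtpauth) Failed SMTP AUTH login
"""

def parse_ports(conf_text):
    """Return {app: [ports]} for every PORTS_<app> = "..." line in csf.conf."""
    ports = {}
    for m in re.finditer(r'^PORTS_(\w+)\s*=\s*"([^"]*)"', conf_text, re.M):
        ports[m.group(1)] = [p for p in m.group(2).split(",") if p]
    return ports

def missing_port_definitions(conf_text,
                             required=("smtpauth", "sshd", "ftpd", "pop3d", "imapd")):
    """Apps whose PORTS_<app> line is absent (assumed required set)."""
    defined = parse_ports(conf_text)
    return [app for app in required if app not in defined]

def find_corrupt_tempbans(tempban_text):
    """Return (ip, ports_field, reason) for entries whose ports field would
    produce an empty or non-numeric --dport, i.e. a command iptables rejects."""
    bad = []
    for line in tempban_text.splitlines():
        fields = line.split("|")
        if len(fields) < 6:
            bad.append((line, "", "malformed line"))
            continue
        ip, ports = fields[1], fields[2]
        for p in ports.split(","):
            if not p.isdigit():
                bad.append((ip, ports, f"empty or non-numeric port {p!r}"))
                break
    return bad

if __name__ == "__main__":
    print("missing PORTS_ definitions:", missing_port_definitions(CSF_CONF_INCOMPLETE))
    print("corrupt tempban entries:", find_corrupt_tempbans(CSF_TEMPBAN))
```

Run the same two checks against the live /etc/csf/csf.conf and /var/lib/csf/csf.tempban to see which entry has to be removed before the restart of csf and lfd.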
optize
Junior Member
Posts: 26
Joined: 10 May 2009, 18:28

Re: iptables syntax error

Post by optize »

It appears that the syntax error is gone, however my original problem (not related directly to the syntax error) is still there, so I guess I'll open up another ticket ;-)

Just for my sanity, when doing an upgrade which re-generates csf.conf, does it keep my existing values or do I need to go back and go through each variable again? It appears it keeps them, however just checking.
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: iptables syntax error

Post by ForumAdmin »

It keeps existing values.