This issue is making me crazy. One of our servers is accepting connections on all ports even though they aren't specified in csf.conf; it's like iptables isn't even running, even though it is.
Is there anything we can add to log all packets (and the iptables rule they hit) so we can figure out why these packets are being accepted despite being in the TCP_IN list?
Server allowing all connections regardless of csf.
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: Server allowing all connections regardless of csf.
Check your ETH_* options are all empty in csf.conf. Check /etc/csf/csf.allow to ensure the IP or CIDR containing the IP is not listed (e.g. we've seen cases where people have whitelisted 0.0.0.0/1). Ensure DROP = "DROP" in csf.conf. Restart csf after making any changes and retry immediately in case something external to csf on your server is adding iptables rules.
If running a custom kernel then that's the next thing to check.
Re: Server allowing all connections regardless of csf.
Found it - there was an entry in csf.allow for 10.0.0.0/0, which CSF was treating as 0.0.0.0/0
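The csf.allow check the moderator suggests, and the 10.0.0.0/0 entry that turned out to be the cause, as an added example (not csf's own code, not posted by anyone in the thread): a small POSIX shell audit that flags whitelist entries whose prefix length is shorter than a threshold and prints the network the kernel actually matches once host bits are cleared. The sample file contents, the threshold of /8 and the function names are constructed for this example; only plain IPv4 "IP" or "IP/prefix" lines are examined, and csf's "tcp|in|d=...|s=..." syntax and IPv6 entries are skipped rather than parsed.

```shell
#!/bin/sh
# Added example for this thread (not csf's own code): audit a csf.allow-style
# file for whitelist entries that are far wider than they look.
# Assumptions: plain IPv4 "IP" or "IP/prefix" entries with optional trailing
# "# comment"; csf's advanced "tcp|in|d=22|s=..." syntax and IPv6 are skipped.

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Convert a 32-bit integer back to a dotted quad.
int_to_ip() {
    local n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# Canonical form of an entry with the host bits cleared, which is what the
# netfilter match actually compares against. "10.0.0.0/0" becomes "0.0.0.0/0":
# with zero network bits every source address matches.
effective_network() {
    local ip prefix mask
    case $1 in
        */*) ip=${1%/*}; prefix=${1#*/} ;;
        *)   ip=$1;      prefix=32 ;;
    esac
    if [ "$prefix" -eq 0 ]; then
        mask=0
    else
        mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    fi
    echo "$(int_to_ip $(( $(ip_to_int "$ip") & mask )))/$prefix"
}

# Print one "WIDE <entry> -> <effective network>" line for every entry whose
# prefix is shorter than MIN_PREFIX (default 8, i.e. wider than a single /8).
# Always returns 0 so it can be used inside $(...) under "set -e".
audit_allow_file() {
    local file=$1 min=${2:-8} line entry prefix
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}                                   # drop trailing comment
        entry=$(printf '%s' "$entry" | tr -d '[:space:]')   # drop whitespace
        [ -z "$entry" ] && continue                         # blank / comment-only line
        case $entry in
            *"|"*|*:*) continue ;;   # advanced csf syntax or IPv6: out of scope here
        esac
        case $entry in */*) prefix=${entry#*/} ;; *) prefix=32 ;; esac
        case $prefix in ''|*[!0-9]*) continue ;; esac       # malformed prefix: skip
        if [ "$prefix" -lt "$min" ]; then
            echo "WIDE $entry -> $(effective_network "$entry")"
        fi
    done < "$file"
    return 0
}

# Constructed sample csf.allow content for the demo (not taken from any server).
write_sample_allow() {
    cat > "$1" <<'EOF'
# typical entries
203.0.113.10                 # office
198.51.100.0/24              # monitoring subnet
10.0.0.0/0                   # meant as "internal range", actually matches everything
tcp|in|d=22|s=192.0.2.5      # advanced syntax, skipped by this audit
2001:db8::/32                # IPv6, skipped by this audit
EOF
}

# Demo on the constructed sample: the thread's finding shows up as the one WIDE line.
tmp=$(mktemp)
write_sample_allow "$tmp"
audit_allow_file "$tmp"
rm -f "$tmp"
```

Against a real server, call `audit_allow_file /etc/csf/csf.allow` (or a lower threshold if your whitelist legitimately contains large blocks). Any entry reported with a /0 or /1 effective network matches most or all source addresses, so the whitelist accepts the packet before any TCP_IN port rule is considered, which is consistent with the symptom described at the top of the thread.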