Hello,
(csf v7.69, ec2-ubuntu 14.04 86_x64)
I use ipset on my CSF. (When LF_IPSET = 0, iptables works perfectly!)
I've been trying a simple disaster scenario. According to my scenario, I should block all countries except one to reduce the effects of a DDoS attack.
After I set the CC_DENY and CC_ALLOW parameters as an example, I checked whether it works or not. Unfortunately it didn't work.
I couldn't see anything for the CC_ALLOWF and CC_DENY parameters on the "View iptables Rules" page because I use ipset.
Then I tried to check using the ipset command "sudo ipset list". However, the CSF --help results appeared on the console.
Then I checked the /var/lib/csf directory for any file to see anything. Unfortunately..
Then I checked my syslog file and saw the lines below.
Is there any chance to control IPSET and test my CSF?
-------------- var/log/syslog ------------------
May 21 08:40:32 lfd[5459]: CC: Extracting zone from GeoLite CSV Country database for [RO]
May 21 08:40:32 lfd[5459]: CC: Extracting zone from GeoLite CSV Country database for [CN]
May 21 08:40:33 lfd[5459]: CC: Repopulating ipset cc_cn with IP addresses from [CN]
May 21 08:40:33 lfd[5459]: IPSET: loading set new_cn with 3731 entries
May 21 08:40:34 lfd[5459]: IPSET: switching set new_cn to cc_cn
May 21 08:40:36 lfd[5459]: CC: Repopulating ipset cc_ro with IP addresses from [RO]
May 21 08:40:36 lfd[5459]: IPSET: loading set new_ro with 2256 entries
May 21 08:40:36 lfd[5459]: IPSET: switching set new_ro to cc_ro
Audit of Iptables and Ipset
- Moderator
Re: Audit of Iptables and Ipset
My guess would be that you have not set the path to the ipset binary correctly in /etc/csf/csf.conf. On Ubuntu 14 it is located in /sbin/ipset and not the csf default.
> Then I tried to check using ipset command "sudo ipset list". However CSF --help results appeared on the console.
There is no reason whatsoever, unless you have seriously messed with something, that issuing an ipset command would run the csf script. On our environment:
root@ubuntu:~# sudo ipset -v
ipset v6.20.1, protocol version: 6
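The path check suggested in the reply above can be scripted. This is an added example, not part of the original thread or of csf itself; it assumes csf.conf settings have the form KEY = "/path" and that the ipset binary location is held in the IPSET setting.

```shell
#!/bin/sh
# Added example: confirm that a binary path configured in csf.conf points at
# a real executable, and show where the command actually lives if it does not.
# Assumption: settings are written as KEY = "/path", as in /etc/csf/csf.conf.

# Print the value of one setting from a csf.conf-style file (last match wins).
csf_conf_value() {
    # $1 = config file, $2 = setting name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Check one configured binary. Prints a status line.
# Returns 0 = OK, 1 = path is not an executable file, 2 = setting not present.
check_csf_binary() {
    # $1 = config file, $2 = setting name (e.g. IPSET), $3 = command name
    conf=$1
    key=$2
    cmd=$3
    path=$(csf_conf_value "$conf" "$key")
    if [ -z "$path" ]; then
        echo "MISSING  $key is not set in $conf"
        return 2
    fi
    if [ ! -x "$path" ] || [ -d "$path" ]; then
        # Look the command up on PATH so the correct location can be configured.
        found=$(command -v "$cmd" 2>/dev/null || true)
        echo "BAD      $key = $path is not an executable file ($cmd on PATH: ${found:-not found})"
        return 1
    fi
    echo "OK       $key = $path"
}

# Usage on a real host (as root):
#   check_csf_binary /etc/csf/csf.conf IPSET ipset
```

A BAD result for IPSET on a host where the command resolves to /sbin/ipset is the situation described in the reply above.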
- Junior Member
Re: Audit of Iptables and Ipset
Thank you!
I've tested it and it works!
After you warned me, I tried to verify all directories, and I saw that Ubuntu 14.04 does not have systemctl in the /bin directory.
I found a version explanation for v7.60 at http://blog.configserver.com/?p=2409
> Ensure that /usr/lib/systemd/system/ is created on install on systemd servers
There is a systemd directory at /usr/lib/systemd, however there is no /usr/lib/systemd/system/.
Then I created /usr/lib/systemd/system directory manually. Is this a problem for CSF?