csf.allow being ignored in CSF v8.0

Ed-Freethought
Junior Member
Posts: 2
Joined: 13 Jul 2015, 18:02

Post by Ed-Freethought »

One of our servers has just upgraded itself to CSF v8.0 and as far as I can tell, nothing specified in /etc/csf/csf.allow is being allowed anymore.

I can see the actual rules have been created properly in the ALLOWIN chain and I can see that the ALLOWIN chain is being called from the LOCALINPUT chain, but traffic is never making it into the LOCALINPUT chain in the first place.

From what I can tell, LOCALINPUT is no longer being called from INPUT (or anywhere for that matter) as it was previously.
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: csf.allow being ignored in CSF v8.0

Post by ForumAdmin »

Have you checked each line of the csf restart for any errors? Injection of LOCALINPUT into the INPUT chain is not optional within the script and would not be skipped unless there is an error:

    csf -r | grep LOCALINPUT

After restarting csf, what do you see in:

    iptables -L LOCALINPUT -nv

and

    iptables -L INPUT -nv
Ed-Freethought
Junior Member
Posts: 2
Joined: 13 Jul 2015, 18:02

Re: csf.allow being ignored in CSF v8.0

Post by Ed-Freethought »

Aha, that pointed me in the right direction - this is an old CentOS 5 server that we inherited as part of an acquisition and it didn't have the iptables-ipv6 package installed.

With that installed everything is now working as expected and the jump to the LOCALINPUT chain is back in the INPUT chain :)
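
The check worked out in the posts above, scripted: given an `iptables-save` dump, it follows jump targets from INPUT and reports whether ALLOWIN is actually reachable. This is an added example, not part of any forum post or of CSF itself; the `chain_reachable` helper name and both rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: is a chain reachable from INPUT in an iptables-save dump?

# Constructed sample of the working state (192.0.2.10 is a documentation address).
FIXED_RULES='*filter
:INPUT DROP [0:0]
:ALLOWIN - [0:0]
:LOCALINPUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -j LOCALINPUT
-A LOCALINPUT ! -i lo -j ALLOWIN
-A ALLOWIN -s 192.0.2.10/32 ! -i lo -j ACCEPT
COMMIT'

# Constructed sample of the broken state in this thread: same rules, but the
# jump from INPUT to LOCALINPUT is missing.
BROKEN_RULES=$(printf '%s\n' "$FIXED_RULES" | grep -v -- '-j LOCALINPUT')

# chain_reachable RULES FROM TO
# Exit 0 if TO is reachable from FROM by following -j/-g targets in the
# filter table, 1 otherwise. chain_reachable is a hypothetical helper name.
chain_reachable() {
  printf '%s\n' "$1" | awk -v from="$2" -v to="$3" '
    /^\*/ { table = substr($0, 2) }   # iptables-save table header
    $1 == "-A" && (table == "" || table == "filter") {
      for (i = 3; i < NF; i++)
        if ($i == "-j" || $i == "-g") edges[$2] = edges[$2] " " $(i + 1)
    }
    END {                             # breadth-first walk over jump targets
      queue[1] = from; seen[from] = 1; head = 1; tail = 1
      while (head <= tail) {
        cur = queue[head++]
        if (cur == to) exit 0
        n = split(edges[cur], targets, " ")
        for (k = 1; k <= n; k++)
          if (!(targets[k] in seen)) { seen[targets[k]] = 1; queue[++tail] = targets[k] }
      }
      exit 1
    }'
}

# On a live server, as root: chain_reachable "$(iptables-save)" INPUT ALLOWIN
chain_reachable "$FIXED_RULES" INPUT ALLOWIN && echo "fixed: ALLOWIN reachable"
chain_reachable "$BROKEN_RULES" INPUT ALLOWIN || echo "broken: ALLOWIN orphaned, csf.allow has no effect"
```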
Nick57
Junior Member
Posts: 20
Joined: 28 Dec 2006, 01:02

Re: csf.allow being ignored in CSF v8.0

Post by Nick57 »

Hmm, could that also be the reason for CentOS v6 servers as well?
We only have IPv4; because of that, we stripped out the IPv6 on the servers in question.

Do we need to add it back although we are not using it?
We have set the IPV6 = 0.