General question about csf at boot

[haus]

I flushed iptables with "iptables --flush" (don't do this if you don't know what it does!). Then I rebooted my system (Ubuntu 16.04). CSF started as expected, but I noticed the "flushed"/nonexistent firewall rules were still there after the reboot. I had to issue a csf -s in order to get my iptables rules reinstated. I was a little surprised by that, since I assumed that at boot, csf would start fresh with its csf.conf configuration. Is it expected behaviour for csf not to set the firewall rules on boot? Or is it a configuration setting, or maybe there's a good reason for it to behave the way it does?

[ForumAdmin]

That sounds like FASTSTART (in csf.conf) working which uses iptables-save and iptables-restore on reboot. If you want csf to set up the rules afresh, then you would need to disable FASTSTART (or don't flush the rules before rebooting).

[haus]

Thank you! Indeed that sure sounds like it, as FASTSTART is "1" in this config. I won't bother changing it as I was just curious about this mode of operation and I really appreciate your taking a moment to answer!

And yes, for non advanced users please don't flush your iptables rules as you'll lose connection to your server and it may take more than a straight reboot to get it back. Only do this if you know you have another way in (e.g., keyboard and mouse, etc.).