New install on WHM blocking traffic even in test mode

[jjozwik]

Hello,
I am working on a new install of csf. I am getting traffic blocked even in test mode. This is on a VPS in hostgator centos 6.9
WHM 66
Aug 23 10:08:14 bam kernel: [83791.390097] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=fa:16:3e:89:99:17:00:1c:73:63:e5:9b:08:00 SRC=XXXXXX DST=XXXXX LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=15024 DF PROTO=TCP SPT=9441 DPT=80 WINDOW=55520 RES=0x00 SYN URGP=0

in /etc/sysconfig/iptables-config

it is showing
IPTABLES_MODULES=""

[jjozwik]

Well I added the IPTABLES_MODULES from another server and now test mode works. But it is still blocking port 80 unless the IP is whitelisted.

[jjozwik]

This might just be a problem with the kernel. This VPS is under a kvm kernel in host gator. So it might not support the dyanmic firewall.

[ForumAdmin]

Hostgator VPS's don't have their host servers setup correctly for connection tracking in iptables. If you set LF_SPI = "0" in /etc/csf/csf.conf and then restart csf and then lfd you should then be OK.