Whtielsiting on Ubuntu Not Working

[greenot]

When adding a new ip to the allow list using csf -a, the rule seems to be isnerted into IPTables, however, its not being honored. We still see blocking messages in syslog.

Rebooting is the only way I have found to clear it. Disabling fasstart did not work, enable/disable did not work.

Any ideas on this?

[greenot]

It looks like it might have something to do with iptables-legacy

[Shagoon]

I've got the same issue on several Ubuntu and Debian servers.

Can confirm that rebooting the server does indeed fix the issue, but this is quite a big inconvenience for production servers.

Did anyone find any other solution that doesn't require a server reboot?

Thanks.

[Sergio]

When this happens, and if cPhulk is enabled on your server, try to check if the IP is not blocked by cPhulk.
I had a similar issue and after checking everything I found that cPhulk was blocking the IPs not CSF.

[Shagoon]

cPhulk is not installed on any of the affected servers.

Even adding rules to iptables manually doesn't have any effect until a server reboot is performed.

I think it's related to what @greenot said about iptables-legacy, but I couldn't find a solution yet.

[pluggi]

I'am facing a simular problem today.

I whitelisted an ipv4 network in csf.allow, reloaded csf.
Check iptables output afterwards, the network is listed but still blocked.

Did you find a workaround beside rebooting?