csf allow rules removed from chain

Post by bdennie »

We just ran updates on servers and now on multiple servers I have seen this issue. Customers are having issues connecting to ports that are only available with whitelisting. When I check IPs I see this:

csf -g XXX.XXX.XXX.XXX

Table Chain num pkts bytes target prot opt in out source destination
No matches found for XXX.XXX.XXX.XXX in iptables

ip6tables:

Table Chain num pkts bytes target prot opt in out source destination
No matches found for XXX.XXX.XXX.XXX in ip6tables

csf.allow: XXX.XXX.XXX.XXX # Manually allowed: XXX.XXX.XXX.XXX (US/United States/c-XXX.XXX.XXX.XXX.hsd1.fl.comcast.net) - Tue Sep 3 15:44:41 2019

I removed the IP as it's a customer IP address. I restart csf and then run the same command and get this:

csf -g XXX.XXX.XXX.XXX

Table Chain num pkts bytes target prot opt in out source destination

filter ALLOWIN 157 0 0 ACCEPT all -- !lo * XXX.XXX.XXX.XXX 0.0.0.0/0

filter ALLOWOUT 79 0 0 ACCEPT all -- * !lo 0.0.0.0/0 XXX.XXX.XXX.XXX


ip6tables:

Table Chain num pkts bytes target prot opt in out source destination
No matches found for XXX.XXX.XXX.XXX in ip6tables

csf.allow: XXX.XXX.XXX.XXX # Manually allowed: XXX.XXX.XXX.XXX (US/United States/c-XXX.XXX.XXX.XXX.hsd1.fl.comcast.net) - Tue Sep 3 15:44:41 2019


As you can see, before the restart the IP was in the csf.allow list but had no ALLOWIN chain filter. You can also see the IPs have been whitelisted for a long time without issues. This just started after running updates for the servers. Anyone else have these issues or ideas of why it may be happening? After restarting the csf firewall everything works again.

Best regards,
Ben
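
Added example, not part of the original post and not code from csf: a drift check that lists plain IPv4 entries present in csf.allow but missing from the running ALLOWIN chain, the state shown above before the restart. It assumes each allow entry appears as its own `-s` rule in ALLOWIN (as in the `csf -g` output above) and that CIDR entries are written in network form; the function name, temp file paths and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Report plain IPv4 entries in csf.allow that have no source rule in ALLOWIN.
# Live use (as root):
#   iptables -S ALLOWIN > /tmp/allowin.rules
#   missing_from_chain /etc/csf/csf.allow /tmp/allowin.rules

missing_from_chain() {  # usage: missing_from_chain ALLOW_FILE RULES_FILE
  awk -v rules="$2" '
    BEGIN {
      # Collect every -s address that has a rule in the running chain.
      while ((getline line < rules) > 0) {
        n = split(line, f, " ")
        if (f[1] != "-A" || f[2] != "ALLOWIN") continue
        for (i = 3; i < n; i++) if (f[i] == "-s") live[f[i + 1]] = 1
      }
    }
    {
      sub(/#.*/, "")   # drop comments such as "# Manually allowed: ..."
      # Keep plain IPv4/CIDR only; Include lines and advanced
      # (pipe-delimited) rules are skipped.
      if ($1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) next
      ip = $1
      if (ip !~ /\//) ip = ip "/32"   # iptables -S prints hosts as /32
      if (!(ip in live) && !seen[ip]++) print ip
    }
  ' "$1"
}

# Constructed sample data (documentation address ranges, not from the post).
demo() {
  d=$(mktemp -d) || return 1
  cat > "$d/csf.allow" <<'EOF'
# constructed csf.allow
192.0.2.10 # Manually allowed: 192.0.2.10 - Tue Sep 3 15:44:41 2019
198.51.100.7 # Manually allowed: 198.51.100.7
203.0.113.0/24
tcp|in|d=3306|s=198.51.100.99
EOF
  cat > "$d/allowin.rules" <<'EOF'
-N ALLOWIN
-A ALLOWIN -s 198.51.100.7/32 ! -i lo -j ACCEPT
-A ALLOWIN -s 203.0.113.0/24 ! -i lo -j ACCEPT
EOF
  missing_from_chain "$d/csf.allow" "$d/allowin.rules"
  rm -rf "$d"
}

demo   # prints 192.0.2.10/32
```

Run from cron after package updates, any output means the on-disk allow list and the loaded ruleset have diverged and the firewall needs a reload.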