IP address blocked after a while

douwe_superspace
Junior Member
Posts: 1
Joined: 16 Dec 2024, 12:37

Post by douwe_superspace

Hi there,

We allow remote MySQL access for specific IP addresses by adding a rule to the csf.allow file as follows:

d=3306|s=<ip_address> #

This has been working fine for a couple of years now.

However, for the past few days we have had multiple complaints that MySQL access is blocked. When checking the logs I see these entries, indicating that the port is blocked. I have seen multiple cases of this, on separate servers.

Dec 16 13:20:29 server kernel: Firewall: *TCP_IN Blocked* IN=public_ipv4 OUT= MAC=***********************:***************** SRC=************* DST=************ LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=39336 DF PROTO=TCP SPT=38626 DPT=3306 WINDOW=42340 RES=0x00 SYN URGP=0

Restarting CSF solves the issue, but it usually comes back after a couple of days. I cannot find any log details on why the IP address was blocked in the first place, which is the case when an IP address is blocked by cphulk for example.

This is a CloudLinux 8 server, running cPanel.

Is this a bug in a new version of CSF, or is there anything else I am missing?

Thanks!
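
One way to confirm from the kernel log that the blocked packets come from addresses csf.allow should admit, and to get the timestamp of each such block for comparison with csf/lfd restart times. This is an added example, not part of the original post; the sample rules and log lines are constructed, and the parser assumes only the `d=PORT|s=IP` rule form shown above with a single port.

```python
import ipaddress
import re

# Constructed sample data using documentation IP ranges; not taken from the post.
CSF_ALLOW = """\
# remote MySQL clients
d=3306|s=203.0.113.10 # office
"""
KERN_LOG = """\
Dec 16 13:20:29 server kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.10 DST=192.0.2.5 PROTO=TCP SPT=38626 DPT=3306 SYN URGP=0
Dec 16 13:21:02 server kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=192.0.2.77 DST=192.0.2.5 PROTO=TCP SPT=40112 DPT=3306 SYN URGP=0
Dec 16 13:22:40 server kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.10 DST=192.0.2.5 PROTO=TCP SPT=51500 DPT=22 SYN URGP=0
"""

BLOCK_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) .*\*TCP_IN Blocked\*.*?\bSRC=(\S+).*?\bDPT=(\d+)")

def parse_allow(text):
    """Return (port, network) pairs for rules written as d=PORT|s=IP."""
    rules = []
    for line in text.splitlines():
        body = line.split("#")[0].strip()          # drop trailing comment
        fields = dict(f.split("=", 1) for f in body.split("|") if "=" in f)
        try:
            rules.append((int(fields["d"]),
                          ipaddress.ip_network(fields["s"], strict=False)))
        except (KeyError, ValueError):
            continue                               # not a d=PORT|s=IP rule
    return rules

def allowlisted_blocks(allow_text, log_text):
    """Blocked inbound packets whose source and port match an allow rule."""
    rules = parse_allow(allow_text)
    hits = []
    for line in log_text.splitlines():
        m = BLOCK_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue                               # masked or malformed SRC
        dport = int(m.group(3))
        if any(dport == port and src in net for port, net in rules):
            hits.append((m.group(1), str(src), dport))
    return hits

if __name__ == "__main__":
    for ts, src, dport in allowlisted_blocks(CSF_ALLOW, KERN_LOG):
        print(f"{ts}: allowlisted {src} blocked on port {dport}")
```

The earliest timestamp reported for an allowlisted address marks the point after which the allow rule was no longer taking effect.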