Hello,
I'm experiencing an issue where the custom firewall script csfpost.sh is no longer executed automatically, likely after the recent cPanel or CSF update on March 19, 2025.
Environment:
cPanel servers running CloudLinux 8 & 9
Imunify360 installed
ConfigServer Firewall (CSF) / LFD enabled
The script (/etc/csf/csfpost.sh) contains custom iptables rules, for example, to allow outgoing connections from port 2525 for user ID 1004:
vi /etc/csf/csfpost.sh
#!/bin/bash
/usr/sbin/iptables -I OUTPUT -p tcp -m owner --uid-owner 1004 --dport 2525 -j ACCEPT
After running csf -ra
csf -ra
.
.
Running /usr/local/csf/bin/csfpost.sh
Checking ipsets consistent <--- noticeable delay of about 3 seconds while running csfpost.sh
Completed
Script finished
.
.
However, checking the firewall rules afterward (csf -l | grep 2525) returns nothing:
[root@ns325 csf]# csf -l | grep 2525
[root@ns325 csf]# (empty result)
Yet, if I manually run the script, the rule applies successfully:
[root@ns325 csf]# sh csfpost.sh
[root@ns325 csf]# csf -l | grep 2525
1 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 1004 tcp dpt:2525
Has anyone experienced this or have any idea what might be causing the issue?
Thanks in advance for any assistance!
Configserver firewall csf csfpost.sh not executed after (cpanel or csf) update
Re: Configserver firewall csf csfpost.sh not executed after (cpanel or csf) update
For your information, you can set up such a rule within /etc/csf/csf.allow, no need to bother with csfpost.sh:
tcp|out|d=2525|u=1004
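
The csf -ra output in the first post names /usr/local/csf/bin/csfpost.sh, while the rule was edited in /etc/csf/csfpost.sh. The script below is an added example (not from either poster, and not part of CSF) that checks whether the script csf reports running is the one that was edited; the function names are hypothetical and it assumes GNU readlink and cmp are available.

```shell
#!/bin/bash
# Added diagnostic example; function names are illustrative, not part of CSF.

# Read "csf -ra" output on stdin and print the csfpost.sh path from its
# "Running <path>" line (first match only).
csfpost_path_from_log() {
    sed -n 's|^[[:space:]]*Running[[:space:]]\{1,\}\(/.*csfpost\.sh\)[[:space:]]*$|\1|p' | head -n 1
}

# Usage: csf -ra 2>&1 | check_csfpost /etc/csf/csfpost.sh
# Returns 0 if csf ran the edited script (same file, symlink, or identical copy),
#         1 if it ran a different or missing script,
#         2 if the output has no csfpost.sh line at all.
check_csfpost() {
    _edited=$1
    _ran=$(csfpost_path_from_log)
    if [ -z "$_ran" ]; then
        echo "no 'Running .../csfpost.sh' line in csf output"
        return 2
    fi
    if [ ! -f "$_ran" ] || [ ! -f "$_edited" ]; then
        echo "missing script: ran=$_ran edited=$_edited"
        return 1
    fi
    # Same canonical path after resolving symlinks: csf executed the edited file.
    if [ "$(readlink -f "$_ran")" = "$(readlink -f "$_edited")" ]; then
        echo "csf ran the edited script: $_ran"
        return 0
    fi
    # Different paths but byte-identical content: the same rules were executed.
    if cmp -s "$_ran" "$_edited"; then
        echo "csf ran an identical copy: $_ran"
        return 0
    fi
    echo "MISMATCH: csf ran $_ran, but the rule is in $_edited"
    return 1
}
```

A return code of 1 means the rule in the edited file was never the one csf executed, which is worth ruling out before looking at rule ordering or a later flush.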