Configserver firewall csf csfpost.sh not executed after (cpanel or csf) update

nickgr
Junior Member
Posts: 3
Joined: 16 Oct 2020, 09:20

Post by nickgr »

Hello,

I'm experiencing an issue where the custom firewall script csfpost.sh is no longer executed automatically, likely after the recent cPanel or CSF update on March 19, 2025.

Environment:

cPanel servers running CloudLinux 8 & 9
Imunify360 installed
ConfigServer Firewall (CSF) / LFD enabled
The script (/etc/csf/csfpost.sh) contains custom iptables rules, for example, to allow outgoing connections from port 2525 for user ID 1004:

vi /etc/csf/csfpost.sh

#!/bin/bash
/usr/sbin/iptables -I OUTPUT -p tcp -m owner --uid-owner 1004 --dport 2525 -j ACCEPT


After running csf -ra

csf -ra
.
.
Running /usr/local/csf/bin/csfpost.sh
Checking ipsets consistent <--- noticeable delay of about 3 seconds while running csfpost.sh
Completed
Script finished
.
.



However, checking the firewall rules afterward (csf -l | grep 2525) returns nothing:


[root@ns325 csf]# csf -l | grep 2525
[root@ns325 csf]# (empty result)


Yet, if I manually run the script, the rule applies successfully:


[root@ns325 csf]# sh csfpost.sh
[root@ns325 csf]# csf -l | grep 2525
1 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 1004 tcp dpt:2525


Has anyone experienced this or have any idea what might be causing the issue?

Thanks in advance for any assistance!
geekytone
Junior Member
Posts: 27
Joined: 04 Aug 2020, 13:58

Re: Configserver firewall csf csfpost.sh not executed after (cpanel or csf) update

Post by geekytone »

For your information, you can set up such a rule within /etc/csf/csf.allow, no need to bother with csfpost.sh:

tcp|out|d=2525|u=1004
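
An added example, not part of the thread and not CSF's own code: the `csf -ra` output quoted in the first post reports running /usr/local/csf/bin/csfpost.sh, while the rule was added to /etc/csf/csfpost.sh. The script below compares the path csf reports with the file that was edited and then tests for the rule with `iptables -C`; the function names and the `--live` switch are hypothetical, and the sample output is constructed from the lines quoted in that post.

```shell
#!/bin/bash
# Added example: confirm which csfpost.sh csf actually ran and whether the rule landed.

# Constructed sample: the `csf -ra` lines quoted in the first post.
SAMPLE_OUTPUT='Running /usr/local/csf/bin/csfpost.sh
Checking ipsets consistent
Completed
Script finished'

# Print the post-script path that csf reports running (empty if none).
reported_post_script() {
    printf '%s\n' "$1" |
        sed -n 's/^Running \(.*csfpost\.sh\)[[:space:]]*$/\1/p' | head -n 1
}

# Compare the reported path with the file the admin edited.
# Returns 0 = same file, 1 = different file, 2 = no post script reported.
check_post_script() {
    local output=$1 edited=$2 reported
    reported=$(reported_post_script "$output")
    if [ -z "$reported" ]; then
        echo "csf did not report running any csfpost.sh"
        return 2
    fi
    # -ef is true when both paths resolve to the same file (e.g. a symlink)
    if [ "$reported" = "$edited" ] || [ "$reported" -ef "$edited" ]; then
        echo "OK: csf ran $edited"
        return 0
    fi
    echo "MISMATCH: csf ran $reported, rule was added to $edited"
    return 1
}

# Exit status 0 if the exact rule from the post is in OUTPUT (needs root).
rule_present() {
    /usr/sbin/iptables -C OUTPUT -p tcp -m owner --uid-owner 1004 \
        --dport 2525 -j ACCEPT 2>/dev/null
}

# Live mode restarts the firewall, exactly as `csf -ra` does in the post.
if [ "${1:-}" = "--live" ]; then
    check_post_script "$(csf -ra 2>&1)" /etc/csf/csfpost.sh
    rule_present && echo "rule present in OUTPUT" || echo "rule missing from OUTPUT"
fi
```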