lfd.service: main process exited

[BuycPanel Admin]

Hello,

The following happens every day and I'm not sure why. Could someone explain the purpose of this? Is this intended, or is it an error?
How can I prevent it from happening, and is that recommended?

Daily in /var/log/cron:

Jan 19 00:00:01 <servername> CROND[9782]: (root) CMD (/usr/sbin/csf --lfd restart > /dev/null 2>&1)

Daily in /var/loq/messages

Jan 19 00:00:01 <servername> systemd: Cannot add dependency job for unit microcode.service, ignoring: Unit is not loaded properly: Invalid argument.
Jan 19 00:00:01 <servername> systemd: Stopping ConfigServer Firewall & Security - lfd...
Jan 19 00:00:01 <servername> systemd: lfd.service: main process exited, code=killed, status=9/KILL
Jan 19 00:00:01 <servername> systemd: Unit lfd.service entered failed state.
Jan 19 00:00:01 <servername> systemd: lfd.service failed.
Jan 19 00:00:01 <servername> systemd: Starting ConfigServer Firewall & Security - lfd...

CPANEL VERSION: 60.0 (build 35)
CENTOS VERSION: centos-release-7-3.1611.el7.centos.x86_64
PHP: PHP 5.6.29 (cli) (built: Jan 4 2017 15:09:17)
MYSQL: mysql Ver 14.14 Distrib 5.6.34, for Linux (x86_64) using EditLine wrapper
KERNEL: 4.8.6-x86_64-linode78
APACHE: EasyApache4 (latest)

[qlpqlp]

Hello,

Same problem here withe cPanel/Cloudlinux7

Mostly at 00h01 but there also some randome times that is killed

We also have faced a total lockout server pinging ok but locked out without able to connect to SSH/cPanel/Websites after we "Edit csf.allow" and added an IP and restarted the CSF/LDF

To fix it we had to rename etc/csf/ directory, reboot the server then uninstall CSF and installit again because we had no "Console" to execute the commands on our Datacenter, but we had an external access to mount the disck to manually rename to force CSF/LFD fail on boot.

Here is the log wen I was locked out:

------------------

Code: Select all

ConfigServer Security & Firewall - csf v9.29

Restarting csf...

Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `INVALID'
Flushing chain `INVDROP'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `SMTPOUTPUT'
Flushing chain `cphulk'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Deleting chain `ALLOWIN'
Deleting chain `ALLOWOUT'
Deleting chain `DENYIN'
Deleting chain `DENYOUT'
Deleting chain `INVALID'
Deleting chain `INVDROP'
Deleting chain `LOCALINPUT'
Deleting chain `LOCALOUTPUT'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Deleting chain `SMTPOUTPUT'
Deleting chain `cphulk'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `INVALID'
Flushing chain `INVDROP'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `SMTPOUTPUT'
Deleting chain `ALLOWIN'
Deleting chain `ALLOWOUT'
Deleting chain `DENYIN'
Deleting chain `DENYOUT'
Deleting chain `INVALID'
Deleting chain `INVDROP'
Deleting chain `LOCALINPUT'
Deleting chain `LOCALOUTPUT'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Deleting chain `SMTPOUTPUT'
csf: FASTSTART loading DROP no logging (IPv4)
csf: FASTSTART loading DROP no logging (IPv6)
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
LOG  tcp opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP6IN Blocked* "
LOG  tcp opt    in * out *  ::/0  -> ::/0   tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP6OUT Blocked* "
LOG  udp opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP6IN Blocked* "
LOG  udp opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP6OUT Blocked* "
LOG  icmpv6 opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP6IN Blocked* "
LOG  icmpv6 opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP6OUT Blocked* "
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  
DROP  all opt    in * out *  ::/0  -> ::/0  
DROP  all opt    in * out *  ::/0  -> ::/0  
DENYOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
DENYIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ALLOWOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
ALLOWIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
DENYOUT  all opt    in * out !lo  ::/0  -> ::/0  
DENYIN  all opt    in !lo out *  ::/0  -> ::/0  
ALLOWOUT  all opt    in * out !lo  ::/0  -> ::/0  
ALLOWIN  all opt    in !lo out *  ::/0  -> ::/0  
csf: FASTSTART loading Packet Filter (IPv4)
csf: FASTSTART loading Packet Filter (IPv6)
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  
INVALID  tcp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
INVALID  tcp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
DROP  all opt    in * out *  ::/0  -> ::/0  
INVALID  tcp opt    in !lo out *  ::/0  -> ::/0  
INVALID  tcp opt    in * out !lo  ::/0  -> ::/0  
csf: FASTSTART loading csf.deny (IPv4)
DROP  all opt -- in !lo out *  171.5.145.144  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 70.31.49.57  
DROP  all opt -- in !lo out *  213.174.10.195  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 213.174.10.195  
DROP  all opt -- in !lo out *  41.142.226.55  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 41.142.226.55  
DROP  all opt -- in !lo out *  185.27.105.150  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 185.27.105.150  
csf: FASTSTART loading csf.allow (IPv4)
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   ctstate RELATED,ESTABLISHED
ACCEPT  all opt    in !lo out *  ::/0  -> ::/0   ctstate RELATED,ESTABLISHED
ACCEPT  all opt    in * out !lo  ::/0  -> ::/0   ctstate RELATED,ESTABLISHED
csf: FASTSTART loading TCP_IN (IPv4)
csf: FASTSTART loading TCP6_IN (IPv6)
csf: FASTSTART loading TCP_OUT (IPv4)
csf: FASTSTART loading TCP6_OUT (IPv6)
csf: FASTSTART loading UDP_IN (IPv4)
csf: FASTSTART loading UDP6_IN (IPv6)
csf: FASTSTART loading UDP_OUT (IPv4)
csf: FASTSTART loading UDP6_OUT (IPv6)
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   icmptype 8 limit: avg 1/sec burst 5
ACCEPT  icmp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   icmptype 0
ACCEPT  icmp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   icmptype 8
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   icmptype 0 limit: avg 1/sec burst 5
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   icmptype 11
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   icmptype 3
ACCEPT  icmp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   icmptype 11
ACCEPT  icmp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   icmptype 3
ACCEPT  icmpv6 opt    in !lo out *  ::/0  -> ::/0  
ACCEPT  icmpv6 opt    in * out !lo  ::/0  -> ::/0  
ACCEPT  all opt -- in lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out lo  0.0.0.0/0  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
LOGDROPIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  all opt    in lo out *  ::/0  -> ::/0  
ACCEPT  all opt    in * out lo  ::/0  -> ::/0  
LOGDROPOUT  all opt    in * out !lo  ::/0  -> ::/0  
LOGDROPIN  all opt    in !lo out *  ::/0  -> ::/0  
SMTPOUTPUT  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  
SMTPOUTPUT  all opt    in * out *  ::/0  -> ::/0  
csf: FASTSTART loading SMTP Block (IPv4)
csf: FASTSTART loading SMTP Block (IPv6)
csf: FASTSTART loading DNS (IPv4)
csf: FASTSTART loading DNS (IPv6)

-------------------------------------------

Any advice what append?

Regards,

[yorodriguez]

Same problem here.

Edit:
See: viewtopic.php?f=6&t=9942 ???

[hanzzon]

Same problem here, but not a Cpanel server, just CentOS7 standard install.
This issue started for me after an update of CentOS7, but back then a Google search revealed no matches.

The same error is logged when doing a manual "csf --restartall".

[bouvrie]

Same issue here, cPanel is able to restart the service, but I'm curious why it gets killed in the first place.

Looks like I have too many IP blocks (iptables busy waiting), and the csf.error mentions I should use IPSET. Guess that will be the solution.

[yorodriguez]

Looks like I have too many IP blocks (iptables busy waiting), and the csf.error mentions I should use IPSET. Guess that will be the solution.

Worked for me.