ConfigServer Community Forum

I flushed iptables with "iptables --flush" (don't do this if you don't know what it does!). Then I rebooted my system (Ubuntu 16.04). CSF started as expected, but I noticed the "flushed"/nonexistent firewall rules were still there after the reboot. I had to issue a csf -s in order to get my iptables rules reinstated. I was a little surprised by that, since I assumed that at boot, csf would start fresh with its csf.conf configuration. Is it expected behaviour for csf not to set the firewall rules on boot? Or is it a configuration setting, or maybe there's a good reason for it to behave the way it does?

That sounds like FASTSTART (in csf.conf) working which uses iptables-save and iptables-restore on reboot. If you want csf to set up the rules afresh, then you would need to disable FASTSTART (or don't flush the rules before rebooting).

Thank you! Indeed that sure sounds like it, as FASTSTART is "1" in this config. I won't bother changing it as I was just curious about this mode of operation and I really appreciate your taking a moment to answer!

And yes, for non advanced users please don't flush your iptables rules as you'll lose connection to your server and it may take more than a straight reboot to get it back. Only do this if you know you have another way in (e.g., keyboard and mouse, etc.).