CSF takes 1 hour+ to start
Posted: 06 Feb 2017, 09:53
Hi there, I just rebooted my server and spent over an hour watching the iptables rules being loaded one by one. It seems as though there were many thousands of rules being set, but I cannot understand how. Once CSF had finished and I was able to interactively access the server, I checked csf.deny and there are only 218 lines in that file, which are all single IPs (not CIDRs). There are currently 12 temp bans. I have the following blocklists enabled: SPAMDROP, SPAMEDROP, DSHIELD, BOGON, HONEYPOT, CIARMY, OPENBL, GREENSNOW.
I ran iptables -S to list the rules on this server, and on another server with the same spec in the same cluster - both returned a (subjectively) similar amount of rules. Definitely this command did not show the 1000s of DROP rules which were being created during boot. When I ran csf -r on the other server it restarted in < 1 minute.
What can I do to understand why my server took > 1 hour to reboot? I was logged onto the console while it was rebooting and I saw that what it was doing was loading DROP rules into iptables. I don't know where all those DROP rules came from. The server was unusable for more than an hour while this was going on - clearly this presents problems for future reboots and I wouldn't want to do one without understanding what happened this time and where all these DROP rules came from.
I'm not using any CC_ALLOW or CC_DENY rules.
AHA, Ben
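One way to account for where the boot-time DROP rules come from, as an added example that is not part of the post or of the CSF project: it sums the entries in csf.deny and in each cached blocklist file, then compares that with what the running firewall reports. The cache directory /var/lib/csf/bl and the deny file /etc/csf/csf.deny are assumed defaults (override with BL_DIR and DENY_FILE); the sample directory is constructed for offline testing.

```shell
#!/bin/sh
# Added diagnostic example; not from the forum post or the CSF project.
# Assumed layout: one cached file per blocklist under /var/lib/csf/bl/ and the
# manual deny list at /etc/csf/csf.deny. Override with BL_DIR= / DENY_FILE=.

# count_entries FILE: entries (one IP or CIDR per line), ignoring comments/blanks.
count_entries() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -Ev '^[[:space:]]*(#|$)' "$1" | wc -l | tr -d ' '
}

# total_entries BL_DIR DENY_FILE: csf.deny entries plus every cached blocklist.
total_entries() {
    total=$(count_entries "$2")
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        total=$((total + $(count_entries "$f")))
    done
    echo "$total"
}

# blocklist_report BL_DIR DENY_FILE: per-source breakdown, largest list first.
blocklist_report() {
    printf '%8s  %s\n' "$(count_entries "$2")" "csf.deny"
    for f in "$1"/*; do
        [ -f "$f" ] && printf '%8s  %s\n' "$(count_entries "$f")" "$(basename "$f")"
    done | sort -rn
    printf '%8s  %s\n' "$(total_entries "$1" "$2")" "TOTAL entries loaded at boot"
}

# live_drop_count: DROP rules visible in iptables -S. With LF_IPSET enabled CSF
# stores blocklist addresses in ipset sets instead, so iptables -S stays short
# while 'ipset list' holds the bulk; check that first if the numbers disagree.
live_drop_count() {
    command -v iptables >/dev/null 2>&1 || { echo 0; return 0; }
    iptables -S 2>/dev/null | grep -c -- '-j DROP' || true
}

# make_sample_dir: constructed sample layout (fake addresses) for offline tests.
make_sample_dir() {
    d=$(mktemp -d) && mkdir -p "$d/bl"
    printf '# SPAMDROP sample\n1.2.3.0/24\n5.6.7.0/24\n\n' > "$d/bl/SPAMDROP"
    printf '10.0.0.1\n10.0.0.2\n10.0.0.3\n' > "$d/bl/DSHIELD"
    printf '# csf.deny sample\n203.0.113.5 # manual\n198.51.100.7\n' > "$d/csf.deny"
    echo "$d"
}

blocklist_report "${BL_DIR:-/var/lib/csf/bl}" "${DENY_FILE:-/etc/csf/csf.deny}"
echo "iptables DROP rules now: $(live_drop_count)"
```

Run it as root on the slow server and on the fast one; a large TOTAL that only one server shows points at a blocklist cache file, and a large TOTAL with a small iptables count points at ipset.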