ConfigServer Community Forum

Csf Enabled but stopped. Can not restart.
I test the installation with perl /usr/local/csf/bin/csftest.pl and it tells me the following error.

 Testing ip_tables / iptable_filter ... FAILED [FATAL Error: Another app is currently
 Holding the xtables lock. Perhaps you want to use the -w option?] - Required for csf to function
Testing ipt_LOG ... FAILED [FATAL Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for csf to function

Testing ipt_multiport / xt_multiport ... FAILED [FATAL Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required
For csf to function
Testing ipt_REJECT ... FAILED [FATAL Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for csf to function
Testing ipt_state / xt_state ... FAILED [FATAL Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for csf
To function
Testing ipt_limit / xt_limit ... FAILED [FATAL Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for csf
To function
Testing ipt_recent ... FAILED [Error: Another app is currently holding the xtables
 Lock Perhaps you want to use the -w option?] - Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit ... FAILED [Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for CONNLIMIT feature
Testing ipt_owner / xt_owner ... FAILED [Error: Another app is currently holding the
 Xtables lock. Perhaps you want to use the -w option?] - Required for SMTP_BLOCK
 And UID / GID blocking features
Testing iptable_nat / ipt_REDIRECT ... FAILED [Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for MESSENGER feature
Testing iptable_nat / ipt_DNAT ... FAILED [Error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?] - Required for csf.redirect feature

RESULT: csf will not function on this server due to FATAL errors from missing modules [6]

Thank you for your help.

I have the same issue. My install of CSF was preformed by ConfigServer staff. It has worked flawlessly for a couple of years now. It was about a month and a half ago when it stopped. I backed up the config files and then uninstalled csf, I then ran the test to ensure CSF had all of the modules available and everything was there, receiving "OK" for each. I then re-installed CSF, copied over the config files and CSF. restarted CSF/LFD and everything worked again, but only for about 48 hours.

at this point:
1) CSF is in a loop trying to restart
2) iptables is running
3) if you use the "test iptables" button within the CSF page within WHM you will get all of the errors you mentioned above.. I believe you are getting these error because iptables has locked up the modules you are testing for.

I keep hoping for an upgrade to this software/service, believing when it comes out the fix will be included...

I know this will not help you fix your problem, only let you know someone else has it too.

Please let us know if you find the reason/fix...

-Kit

Found out my issue was resolved by stopping Mailscanner then restarting LFD then starting/restarting MailScanner....

The symptom was CSF not running/firewall stopped and iptables running... load average was considerably higher, i.e. 1.5% and above where normally it is around .2 - .3%

Hope this helps others.

-Kit