
CSF and xtables lock issue

Posted: 12 Jul 2017, 03:22
by babenito
Hello,

We're having the xtables lock issue:

Jul 11 02:05:27 lfd[4545]: *Error*: Unable to check csf due to xtables lock, enable WAITLOCK in csf.conf

I've checked other threads and it says this should have been solved in a previous version of CSF.
We're running version 10.14:

[root@server ~]# csf -v
csf: v10.14 (cPanel)

I don't know if this is a bug or if something is really using iptables, but so far we haven't found any other app using it.

If we stop csf, remove csf.error and start csf again, it works fine for a few hours, but then the problem comes back.

Any help with this will be appreciated.

Re: CSF and xtables lock issue

Posted: 13 Jul 2017, 04:55
by babenito
I've enabled WAITLOCK but I'm still getting the same error after a few hours.

Any help?

Thanks!
Moderated Message:
Please do not bump threads

Re: CSF and xtables lock issue

Posted: 17 Aug 2017, 14:14
by babenito
Sorry to bump the thread before.

I've been digging deeper into this.

I've tested the same CSF config on different servers running CentOS 6.x with cPanel, and CentOS 7.x with cPanel.

All of them have the same settings, but the issue only happens on CentOS 7. CSF works like a charm on CentOS 6.

By trial and error, I've found that my settings to allow cPanel/WHM ports only to certain countries (around 20 countries) are causing the problem. For this I use CC_ALLOW_PORTS (to allow the countries) and CC_ALLOW_PORTS_TCP / CC_ALLOW_PORTS_UDP (to tell the ports).

It's like CSF is slow or something when loading the countries lists, and this leads to the issue. I've a Nagios system and the CSF check runs fine if the server has CentOS 6 w/ cPanel, but not in the case of CentOS 7 w/ cPanel.

Like I said, it's happening only on CentOS 7 with cPanel.
I had come across a post on Webhostingtalk that suggested uninstalling Firewalld and NetworkManager, but that didn't solve the problem.

I'll research this further.

Re: CSF and xtables lock issue

Posted: 26 Aug 2017, 19:41
by babenito
If someone else is having this problem, I solved it by enabling LF_IPSET in csf.conf

Thanks to @yorodriguez for this.

Moderator: please close/mark this thread as solved if you want.
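
The combination described in this thread (CC_ALLOW_PORTS country lists with LF_IPSET off) can be checked for directly in csf.conf. The script below is an added example, not part of the original posts or of CSF; it assumes the `KEY = "value"` layout of csf.conf, and the function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag a csf.conf that uses CC_ALLOW_PORTS without LF_IPSET.

# Print the value of KEY from a csf.conf-style file (KEY = "value").
# The last assignment wins; CC_ALLOW_PORTS does not match CC_ALLOW_PORTS_TCP.
csf_get() {
    local key="$1" file="$2"
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$file" | tail -n 1
}

# Count the non-empty entries of a comma-separated value.
count_list() {
    local v="$1"
    if [ -z "$v" ]; then echo 0; return 0; fi
    echo "$v" | tr ',' '\n' | grep -c '[^[:space:]]' || true
}

# Return 1 (and print a warning) when country codes are configured but
# LF_IPSET is not enabled; return 0 otherwise.
audit_csf_conf() {
    local file="$1" cc ipset waitlock n
    cc=$(csf_get CC_ALLOW_PORTS "$file")
    ipset=$(csf_get LF_IPSET "$file")
    waitlock=$(csf_get WAITLOCK "$file")
    n=$(count_list "$cc")
    echo "CC_ALLOW_PORTS countries: $n, LF_IPSET=${ipset:-unset}, WAITLOCK=${waitlock:-unset}"
    if [ "$n" -gt 0 ] && [ "$ipset" != "1" ]; then
        echo "WARN: CC_ALLOW_PORTS is set but LF_IPSET is not 1 (the setting that resolved the lock errors in this thread)"
        return 1
    fi
    echo "OK"
    return 0
}

# Constructed sample input (not taken from the thread): 3 countries, ipset off.
sample=$(mktemp)
cat > "$sample" <<'EOF'
WAITLOCK = "1"
LF_IPSET = "0"
CC_ALLOW_PORTS = "US,CA,GB"
CC_ALLOW_PORTS_TCP = "2083,2087"
EOF
audit_csf_conf "$sample" || true
rm -f "$sample"
```

On a live server the same function can be pointed at the real file, for example `audit_csf_conf /etc/csf/csf.conf`.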