csf suddenly stops blocking traffic -- all ports open
Posted: 20 Aug 2019, 19:04
Hi,
We've been having some issues the last couple months with quite a few servers, suddenly ssh is open and we are receiving reports of tons of root login attempts.
reloading csf with 'csf -r' OR rebooting resolves the issue
an nmap of the server will show all ports open, as if no firewall is running at all
csf continues to write to the log showing it is blocking IPs, but it does not appear to be actually doing so
iptables -L still shows all expected rules
I use ipset normally, and I've tried disabling that to see if it was causing the issue, but it happens regardless of whether ipset is enabled or not.
Incidentally, an issue I noticed started occurring around the same time is that csf will no longer provide help information when you just run 'csf' or 'csf -h'
# csf
csf: v13.05 (generic)
# csf -h
csf: v13.05 (generic)
Any thoughts on this? It's been affecting us randomly on various servers for several months now, and several csf upgrades / complete reinstalls.
Thanks!
We've been having some issues the last couple months with quite a few servers, suddenly ssh is open and we are receiving reports of tons of root login attempts.
reloading csf with 'csf -r' OR rebooting resolves the issue
an nmap of the server will show all ports open, as if no firewall is running at all
csf continues to write to the log showing it is blocking IPs, but it does not appear to be actually doing so
iptables -L still shows all expected rules
I use ipset normally, and I've tried disabling that to see if it was causing the issue, but it happens regardless of whether ipset is enabled or not.
Incidentally, an issue I noticed started occurring around the same time is that csf will no longer provide help information when you just run 'csf' or 'csf -h'
# csf
csf: v13.05 (generic)
# csf -h
csf: v13.05 (generic)
Any thoughts on this? It's been affecting us randomly on various servers for several months now, and several csf upgrades / complete reinstalls.
Thanks!