Page 1 of 1

csf suddenly stops blocking traffic -- all ports open

Posted: 20 Aug 2019, 19:04
by tvc
Hi,

We've been having some issues the last couple months with quite a few servers, suddenly ssh is open and we are receiving reports of tons of root login attempts.

reloading csf with 'csf -r' OR rebooting resolves the issue

an nmap of the server will show all ports open, as if no firewall is running at all

csf continues to write to the log showing it is blocking IPs, but it does not appear to be actually doing so

iptables -L still shows all expected rules

I use ipset normally, and I've tried disabling that to see if it was causing the issue, but it happens regardless of whether ipset is enabled or not.

Incidentally, an issue I noticed started occurring around the same time is that csf will no longer provide help information when you just run 'csf' or 'csf -h'

# csf
csf: v13.05 (generic)

# csf -h
csf: v13.05 (generic)

Any thoughts on this? It's been affecting us randomly on various servers for several months now, and several csf upgrades / complete reinstalls.

Thanks!

Re: csf suddenly stops blocking traffic -- all ports open

Posted: 23 Aug 2019, 20:19
by tvc
Could really use some help on this folks. It is consistently an issue across multiple servers.

Thanks!