Page 1 of 1

Unable to start lfd on centOS 8.2 with DA

Posted: 04 Sep 2020, 08:09
by damiank
Hey,
I'm unable to start lfd on centOS 8.2 with DirectAdmin v.1.61.3. iptables v1.8.4 (nf_tables). CSF and LFD in newest versions.

Logs:

CSF:
csf[2292642]: iptables v1.8.4 (nf_tables): RULE_APPEND failed (Invalid argument): rule in chain OUTPUT
csf[2292642]: LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
csf[2292642]: iptables v1.8.4 (nf_tables): RULE_APPEND failed (Invalid argument): rule in chain INPUT
csf[2292642]: LOGDROPIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
csf[2292642]: csf: FASTSTART loading DNS (IPv4)
csf[2292642]: iptables v1.8.4 (nf_tables): RULE_INSERT failed (No such file or directory): rule in chain OUTPUT
csf[2292642]: LOCALOUTPUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
csf[2292642]: iptables v1.8.4 (nf_tables): RULE_INSERT failed (Invalid argument): rule in chain INPUT
csf[2292642]: LOCALINPUT all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
systemd[1]: Started ConfigServer Firewall & Security - csf.
systemd[1]: Stopping ConfigServer Firewall & Security - csf...
systemd[1]: csf.service: Stopping timed out. Terminating.
systemd[1]: csf.service: Control process exited, code=killed status=15
systemd[1]: csf.service: Failed with result 'timeout'.
systemd[1]: Stopped ConfigServer Firewall & Security - csf.
systemd[1]: Starting ConfigServer Firewall & Security - csf...

LFD:
systemd[1]: Starting ConfigServer Firewall & Security - lfd...
systemd[1]: lfd.service: Start operation timed out. Terminating.
systemd[1]: lfd.service: Failed with result 'timeout'.
systemd[1]: Failed to start ConfigServer Firewall & Security - lfd.

There was also a problem with start of iptables service, which is fine after reboot.

Re: Unable to start lfd on centOS 8.2 with DA

Posted: 05 Sep 2020, 14:25
by damiank
Just mentioning that I'm using newest standard version of CSF nad LFD and did not change any configuration. When error occured I tried to restore and upgrade iptables. It did not helped.

Re: Unable to start lfd on centOS 8.2 with DA

Posted: 30 Oct 2020, 01:59
by websavers
Did you find a fix for this? We're experiencing the same with CentOS 8.2.

Re: Unable to start lfd on centOS 8.2 with DA

Posted: 01 Nov 2020, 21:02
by anykillator
Hello, i had the same issue after update csf to the last version. I can fixed installing ipset. In you WHM go to Software / Install an RPM / ipset / Install.

I hope this help you!

Re: Unable to start lfd on centOS 8.2 with DA

Posted: 23 Oct 2021, 16:07
by Black Tiger
I've seen that @forumadmin put this out of the bug section, but this is certainly -not- a configuration failure in csf.conf. This is happening with people who have not even changed the config and had it running without issues for some time.

You find the issue all over Google. Seems it might have to do with some sudden incompatibility between some OpenVZ kernel versions or some conflicting issue with iptables and nftables working together on Centos 8.

IPSET is nice if you have a lot of blocks but won't fix this issue on fresh systems.

It might well be the way CSF is calling things is conflicting in some way with nftables, causing this behaviour which is seen in some rare cases on OpenVZ systems.

I don't have enough knowledge about this, but as it's happening more, it sure would be nice to have this fixed.

Re: Unable to start lfd on centOS 8.2 with DA

Posted: 23 Oct 2021, 16:12
by ForumAdmin
We stopped supporting Virtuozzo and OpenVZ back in March 2020 for all of our products:
https://blog.configserver.com/?p=3591