I am following this documentation. https://doc.owncloud.com/server/admin_m ... er-compose
If I disable CSF all works, but if it's enabled, it doesn't and I see these messages in the logs.
Now, as I see CSF is blocking the traffic between the docker containers or just the port 8080? It's not clear for me.
Any tips?
I setup CSF with ansible using the following config:
Code: Select all
csf_global_ini:
- option: TESTING
value: "0"
- option: RESTRICT_SYSLOG
value: "2"
- option: URLGET
value: "2"
- option: TCP_IN
value: "22,80,443,2096,5022,5023,{{ hostvars[inventory_hostname]['ansible_port'] | default('22') }},10000:11000"
- option: TCP_OUT
value: "22,25,53,80,110,113,443,465,587,993,995,2096,5022,5023,5224,{{ hostvars[inventory_hostname]['ansible_port'] | default('22') }},10000:11000"
- option: UDP_IN
value: "53,1194"
- option: UDP_OUT
value: "53,113,123,1194,10000:11000"
- option: DOCKER
value: "1"
- option: DYNDNS
value: "1"
- option: WAITLOCK
value: "0"
csf_allow:
- 10.40.0.0/16
- 172.17.0.0/16 #allow docker
Code: Select all
Jul 2 00:32:20 es2cnt kernel: [2560193.733225] Firewall: *TCP_OUT Blocked* IN= OUT=br-9a93e60664a4 SRC=172.21.0.1 DST=172.21.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=824 DF PROTO=TCP SPT=59060 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 UID=0 GID=0
Jul 2 00:32:21 es2cnt kernel: [2560194.755762] Firewall: *TCP_OUT Blocked* IN= OUT=br-9a93e60664a4 SRC=172.21.0.1 DST=172.21.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=825 DF PROTO=TCP SPT=59060 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 UID=0 GID=0
Jul 2 00:32:23 es2cnt kernel: [2560196.708945] Firewall: *TCP_OUT Blocked* IN= OUT=br-9a93e60664a4 SRC=172.21.0.1 DST=172.21.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7256 DF PROTO=TCP SPT=59070 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 UID=0 GID=0
Jul 2 00:32:24 es2cnt kernel: [2560197.732198] Firewall: *TCP_OUT Blocked* IN= OUT=br-9a93e60664a4 SRC=172.21.0.1 DST=172.21.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7257 DF PROTO=TCP SPT=59070 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 UID=0 GID=0
Jul 2 00:32:26 es2cnt kernel: [2560200.382369] Firewall: *TCP_OUT Blocked* IN= OUT=br-9a93e60664a4 SRC=172.21.0.1 DST=172.21.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1699 DF PROTO=TCP SPT=59084 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 UID=0 GID=0
Jul 2 00:32:27 es2cnt kernel: [2560201.412034] Firewall: *TCP_OUT Blocked* IN= OUT=br-9a93e60664a4 SRC=172.21.0.1 DST=172.21.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1700 DF PROTO=TCP SPT=59084 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 UID=0 GID=0