CSF suddenly blocking previously allowed outbound traffic
Posted: 01 Oct 2022, 12:44
I can't explain why this is happening, but in recent weeks CSF has begun blocking outbound traffic to specific update servers for cPanel services. At first I thought it was all related to a forced server host name change by GoDaddy, but on further review it seems to be something else. The timing of it all just made it all suspect though.
My general IP4 configs:
TCP_IN: 20,21,25,53,80,110,143,443,465,587,993,995,2224,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,8443
TCP_OUT: 20,21,22,25,37,43,53,80,110,113,443,587,873,993,995,2086,2087,2089,2703
Over the last few weeks outbound scripts for automated update services all began failing:
1. AutoSSL: store.cpanel.net
2. download.configsever.com
3. update.cpanel.net
After re-enabling CSF, I then added the IPs for those servers to csf.allow, and then all the scripts and test "wget"s started working again. But I never had to add these IPs before, so what possibly changed? What made the TCP_OUT be ignored or superseded by the csf.allow list? I always thought the csf.allow list was for inbound traffic only, but apparently it's a list that is bi-directional.
I would like to get this working back the way it was. I don't want to have to whitelist all automated scripts' destination IPs or keep up with a changing list over time. What can I look at or tweak to restore the way this was working previously?
Additionally - when all of the above happened it also appears the CSF is blocking certain inbound connections for the mail server. It was blocking inbound connections for support emails from GoDaddy.com and Configserver.com (of all things). Also had reports from some users they were now unable to get to some of my domain websites. These might all be unrelated issues, but the timing of all of them suddenly happening at the same time, especially when I hadn't made any CSF changes in like 6 months, is quite suspect.
OS: CentOS v7.9.2009 STANDARD kvm
cPanel Version: 106.0.8
CSF: v14.17