
CSF doesn't stop

Posted: 28 Jul 2023, 07:45
by iserver
Hi.

On a machine with CSF (although the problem has appeared on others after writing this ticket).

It has been installed and running for years.
The settings are very restrictive. Only inbound port 53 is open; the rest are closed.
Access is only allowed from my IPs. One of them is dynamic, added to csf.dyndns.

Today I couldn't get in. So I logged in to the server via KVM (it's a Proxmox).

The first thing I tried was `csf -x` and `iptables -L`.

Disabled, and no rules.

But to my surprise, the log that appears on the screen continues to show me firewall activity, and among the IPs I see being blocked are those of my connection (SSH connection attempt to the machine).

Before that I had tried connecting via SSH to localhost, without problem.


I double-checked that csf is disabled.

I did the same after enabling it and stopping it with systemctl.


I am desperate because I cannot understand what is happening.


Restarting that Proxmox is a pain, and something tells me that although the csf + lfd service is stopped (it says inactive), it continues in memory, or else I don't understand it.

Re: CSF doesn't stop

Posted: 28 Jul 2023, 10:57
by iserver
After trying to stop CSF Firewall, the CSF Firewall service, remove CSF Firewall, clean iptables...

Shut down the machine with CSF uninstalled.

Server accessible.

Reinstalled csf, restored /etc/csf/, restarted csf, and now it is accessible.

It is the first time since 1998, working with systems, that I have seen an issue like this.

Re: CSF doesn't stop

Posted: 28 Jul 2023, 18:48
by alexf
Don't confuse what CSF and LFD are doing with the firewall. CSF works hand in hand with "iptables". It is "iptables" that is the brick wall that either allows or denies IP traffic. You can stop CSF and the "iptables" rules are still in place and in effect.

In your 2nd post you mentioned in your steps that you "clean iptables"; that is what fixed your issue. The command to flush all iptables rules on CentOS is "iptables -F"; use it only when in dire straits.

Likely your source IP had triggered a block rule and was blocked going forward. If you trust the source IP, it should have been added to your "csf.allow" table, as those entries will never be blocked.

Re: CSF doesn't stop

Posted: 05 Aug 2023, 09:47
by ajbird
There has to be a way to fix this from SSH that does not require a reboot.

Re: CSF doesn't stop

Posted: 08 Aug 2023, 12:56
by ajbird
CSF Firewall, CSF Firewall service, remove CSF Firewall, clean iptables...

Tried that... no difference. Even after iptables -F the IPs still show as blocked in syslog.

Re: CSF doesn't stop

Posted: 09 Aug 2023, 16:11
by alexf
Please post the output of the command 'iptables -nvL'.
This will show ALL of what is in your iptables and/or ipset sets.
If you are using 'ipset' then you will also see something like this in your output.

 177K  150M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set chain_ALLOW src
Chain DENYIN (1 references)
 pkts bytes target     prot opt in     out     source               destination
 3720  221K LOGDROPIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set chain_DENY src

If you see 'match-set chain' in your iptables output, then these are references to an 'ipset' DB table.

Use this command to see ALL ipset sets (this can be a very long listing).

ipset list

Or use 'ipset list setname' to display a given set. Example:

ipset list chain_DENY

If you are still being blocked, then your issue IS NOT iptables or csf. Try looking at other software on your server such as cphulkd that creates its own blocking table (although it can be configured to also add entries to iptables).

Also, check that you may have the SSH port itself blocked to all traffic in iptables.

Re: CSF doesn't stop

Posted: 26 Aug 2024, 11:16
by iparaskev
I had the same problem. Finally, after a lot of searching, I found out that the problem was caused by iptables-legacy (the presence of active iptables-legacy rules alongside iptables-nft, which is the one used and updated by csf). In my case I ran iptables-legacy -nvL and found out that it was affecting my system and was not being updated by csf's rules. Modifying the rules there resolved my problem. One solution is to disable it, but you should do so with caution since it may affect the system's connectivity.
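Added example, not from the thread or from CSF itself: a POSIX sh script that combines alexf's advice (look at iptables -nvL and the ipset sets it references) with iparaskev's (the stale rules may live in iptables-legacy rather than the iptables-nft table csf refreshes). It scans each backend for a given address and flags rules whose block can only be resolved by looking inside an ipset. The binary names, the chain layout (DENYIN referencing chain_DENY) and the sample listing are assumed/constructed.

```shell
#!/bin/sh
# Added example, not from the thread: find which packet-filter backend is
# still blocking an address after "csf -x". Assumes the binary names
# iptables-legacy / iptables-nft / ipset and the chain layout shown above
# (a DENYIN chain that references the ipset "chain_DENY").

# Scan one "iptables -nvL" listing on stdin for rules that can hit a source
# address: a literal entry, or a DROP/REJECT rule that consults an ipset.
# Prints "CHAIN: rule" per hit; exit status 0 if anything was found.
scan_listing() {
  awk -v ip="$1" '
    /^Chain / { chain = $2; next }
    # literal address in the source column, with or without /32
    index(" " $0 " ", " " ip " ") || index($0, ip "/32") {
      print chain ": " $0; hits++; next
    }
    # rule that consults an ipset: the block may live in the set, not here
    /match-set/ && /DROP|REJECT/ { print chain ": (check ipset) " $0; hits++ }
    END { exit (hits ? 0 : 1) }'
}

# Live check (needs root): every backend that could still be filtering,
# legacy first, since csf only refreshes the one it was built against.
find_block() {
  ip="$1"; found=1
  for t in iptables-legacy iptables-nft iptables; do
    command -v "$t" >/dev/null 2>&1 || continue
    echo "== $t -nvL =="
    "$t" -nvL 2>/dev/null | scan_listing "$ip" && found=0
  done
  if command -v ipset >/dev/null 2>&1; then
    echo "== ipset members =="
    ipset list 2>/dev/null | grep -nF -- "$ip" && found=0
  fi
  return $found
}

# Constructed sample: a stale iptables-legacy table with CSF's chains and one
# literal block for 203.0.113.5 (the situation described in the last post).
SAMPLE_LEGACY='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 DENYIN     all  --  !lo    *       0.0.0.0/0            0.0.0.0/0
Chain DENYIN (1 references)
 pkts bytes target     prot opt in     out     source               destination
    9   540 LOGDROPIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set chain_DENY src
    3   180 DROP       all  --  *      *       203.0.113.5          0.0.0.0/0'

# With an address argument, inspect this host; otherwise scan the sample.
if [ -n "${1:-}" ]; then find_block "$1"; else
  printf '%s\n' "$SAMPLE_LEGACY" | scan_listing 203.0.113.5; fi
```

Run it as root with the address that is being blocked; a hit under iptables-legacy but not iptables-nft is exactly the mismatch iparaskev describes.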