Page 1 of 1

Blocks active even after csf --disable

Posted: 02 Aug 2023, 12:56
by hornbill047
Have been using CSF for many years. But now started seeing a very strange behaviour in Debian 11. Even after doing csf --disable, I still see blocks happening. I verified CSF is stopped and there are no rules in iptables.

# iptables -L -n -v
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT 67390 packets, 53M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 55888 packets, 52M bytes)
pkts bytes target prot opt in out source destination

# journalctl -f
Aug 02 11:24:10 my-hostname-1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=ens5 SRC=10.100.36.245 DST=10.100.36.1 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=49785 DF PROTO=UDP SPT=68 DPT=67 LEN=308 UID=0 GID=0
Aug 02 11:24:10 my-hostname-1 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=ens5 SRC=10.100.36.245 DST=10.100.158.18 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=40718 DF PROTO=TCP SPT=53402 DPT=8443 WINDOW=62727 RES=0x00 SYN URGP=0 UID=0 GID=0

Server doesn't have ufw or firewalld running.

# systemctl status ufw
Unit ufw.service could not be found.
You have new mail in /var/mail/root

# systemctl status firewalld
● firewalld.service
Loaded: masked (Reason: Unit firewalld.service is masked.)
Active: inactive (dead)

Has anyone seen this before and knows about it ?

Re: Blocks active even after csf --disable

Posted: 03 Aug 2023, 15:42
by alexf
Do you have cphulkd or similar also running on this server? Cphulkd uses a separate table.