Blocks active even after csf --disable
Posted: 02 Aug 2023, 12:56
Have been using CSF for many years. But now started seeing a very strange behaviour in Debian 11. Even after doing csf --disable, I still see blocks happening. I verified CSF is stopped and there are no rules in iptables.
# iptables -L -n -v
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT 67390 packets, 53M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 55888 packets, 52M bytes)
pkts bytes target prot opt in out source destination
# journalctl -f
Aug 02 11:24:10 my-hostname-1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=ens5 SRC=10.100.36.245 DST=10.100.36.1 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=49785 DF PROTO=UDP SPT=68 DPT=67 LEN=308 UID=0 GID=0
Aug 02 11:24:10 my-hostname-1 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=ens5 SRC=10.100.36.245 DST=10.100.158.18 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=40718 DF PROTO=TCP SPT=53402 DPT=8443 WINDOW=62727 RES=0x00 SYN URGP=0 UID=0 GID=0
Server doesn't have ufw or firewalld running.
# systemctl status ufw
Unit ufw.service could not be found.
You have new mail in /var/mail/root
# systemctl status firewalld
● firewalld.service
Loaded: masked (Reason: Unit firewalld.service is masked.)
Active: inactive (dead)
Has anyone seen this before and knows about it ?
# iptables -L -n -v
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT 67390 packets, 53M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 55888 packets, 52M bytes)
pkts bytes target prot opt in out source destination
# journalctl -f
Aug 02 11:24:10 my-hostname-1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=ens5 SRC=10.100.36.245 DST=10.100.36.1 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=49785 DF PROTO=UDP SPT=68 DPT=67 LEN=308 UID=0 GID=0
Aug 02 11:24:10 my-hostname-1 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=ens5 SRC=10.100.36.245 DST=10.100.158.18 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=40718 DF PROTO=TCP SPT=53402 DPT=8443 WINDOW=62727 RES=0x00 SYN URGP=0 UID=0 GID=0
Server doesn't have ufw or firewalld running.
# systemctl status ufw
Unit ufw.service could not be found.
You have new mail in /var/mail/root
# systemctl status firewalld
● firewalld.service
Loaded: masked (Reason: Unit firewalld.service is masked.)
Active: inactive (dead)
Has anyone seen this before and knows about it ?