Whitelisting on Ubuntu Not Working

greenot
Junior Member
Posts: 5
Joined: 20 Jan 2022, 14:56

Whitelisting on Ubuntu Not Working

Post by greenot »

When adding a new IP to the allow list using csf -a, the rule seems to be inserted into iptables; however, it's not being honored. We still see blocking messages in syslog.

Rebooting is the only way I have found to clear it. Disabling faststart did not work, enable/disable did not work.

Any ideas on this?
greenot
Junior Member
Posts: 5
Joined: 20 Jan 2022, 14:56

Re: Whitelisting on Ubuntu Not Working

Post by greenot »

It looks like it might have something to do with iptables-legacy
Shagoon
Junior Member
Posts: 4
Joined: 10 Dec 2011, 16:25

Re: Whitelisting on Ubuntu Not Working

Post by Shagoon »

I've got the same issue on several Ubuntu and Debian servers.

Can confirm that rebooting the server does indeed fix the issue, but this is quite a big inconvenience for production servers.

Did anyone find any other solution that doesn't require a server reboot?

Thanks.
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

Re: Whitelisting on Ubuntu Not Working

Post by Sergio »

When this happens, and if cPhulk is enabled on your server, try to check if the IP is not blocked by cPhulk.
I had a similar issue, and after checking everything I found that cPhulk was blocking the IPs, not CSF.
Shagoon
Junior Member
Posts: 4
Joined: 10 Dec 2011, 16:25

Re: Whitelisting on Ubuntu Not Working

Post by Shagoon »

cPhulk is not installed on any of the affected servers.

Even adding rules to iptables manually doesn't have any effect until a server reboot is performed.

I think it's related to what @greenot said about iptables-legacy, but I couldn't find a solution yet.
pluggi
Junior Member
Posts: 3
Joined: 20 Sep 2016, 13:27

Re: Whitelisting on Ubuntu Not Working

Post by pluggi »

I'm facing a similar problem today.

I whitelisted an IPv4 network in csf.allow and reloaded csf.
I checked the iptables output afterwards; the network is listed but still blocked.

Did you find a workaround besides rebooting?
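
One way to test the iptables-legacy hypothesis raised in this thread, as an added example that is not from any poster or from CSF: on Debian and Ubuntu the legacy and nft backends keep separate rule sets that the kernel evaluates independently, so an allow rule in one does not override a drop held by the other. The function names `count_rules` and `classify_backends`, the script name and the sample dumps are constructed for illustration; the check covers IPv4 only.

```shell
#!/bin/sh
# Added diagnostic sketch: detect rules loaded in BOTH iptables backends.
# Assumption: the host ships iptables-legacy-save and iptables-nft-save
# (Debian/Ubuntu iptables package).

# Count rule lines ("-A ...") in iptables-save formatted text on stdin.
count_rules() {
    grep -c '^-A ' || true   # grep exits 1 on zero matches but still prints 0
}

# Classify the two counts: prints split, legacy-only, nft-only or empty.
classify_backends() {
    legacy=$1 nft=$2
    if [ "$legacy" -gt 0 ] && [ "$nft" -gt 0 ]; then echo split
    elif [ "$legacy" -gt 0 ]; then echo legacy-only
    elif [ "$nft" -gt 0 ]; then echo nft-only
    else echo empty
    fi
}

# Constructed sample dumps (not taken from any real server): the same
# address is dropped in one backend and accepted in the other.
SAMPLE_LEGACY='*filter
:INPUT DROP [0:0]
-A INPUT -s 203.0.113.10/32 -j DROP
COMMIT'
SAMPLE_NFT='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.10/32 -j ACCEPT
COMMIT'

# Live check, run as root: sh check_backends.sh --live
if [ "${1:-}" = "--live" ]; then
    l=$(iptables-legacy-save 2>/dev/null | count_rules)
    n=$(iptables-nft-save 2>/dev/null | count_rules)
    echo "legacy=$l nft=$n verdict=$(classify_backends "$l" "$n")"
    # Show which backend the plain "iptables" command resolves to.
    update-alternatives --query iptables 2>/dev/null | grep '^Value:' || true
fi
```

A `split` verdict is consistent with the symptom described here, where a listed allow rule has no effect; whether it is the cause on a given server still has to be verified.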