Page 1 of 1
Whtielsiting on Ubuntu Not Working
Posted: 06 Aug 2023, 17:29
by greenot
When adding a new ip to the allow list using csf -a, the rule seems to be isnerted into IPTables, however, its not being honored. We still see blocking messages in syslog.
Rebooting is the only way I have found to clear it. Disabling fasstart did not work, enable/disable did not work.
Any ideas on this?
Re: Whtielsiting on Ubuntu Not Working
Posted: 06 Aug 2023, 21:09
by greenot
It looks like it might have something to do with iptables-legacy
Re: Whtielsiting on Ubuntu Not Working
Posted: 20 Aug 2023, 13:19
by Shagoon
I've got the same issue on several Ubuntu and Debian servers.
Can confirm that rebooting the server does indeed fix the issue, but this is quite a big inconvenience for production servers.
Did anyone find any other solution that doesn't require a server reboot?
Thanks.
Re: Whtielsiting on Ubuntu Not Working
Posted: 21 Aug 2023, 05:34
by Sergio
When this happens, and if cPhulk is enabled on your server, try to check if the IP is not blocked by cPhulk.
I had a similar issue and after checking everything I found that cPhulk was blocking the IPs not CSF.
Re: Whtielsiting on Ubuntu Not Working
Posted: 21 Aug 2023, 08:55
by Shagoon
cPhulk is not installed on any of the affected servers.
Even adding rules to iptables manually doesn't have any effect until a server reboot is performed.
I think it's related to what @greenot said about iptables-legacy, but I couldn't find a solution yet.
Re: Whtielsiting on Ubuntu Not Working
Posted: 22 Sep 2023, 11:22
by pluggi
I'am facing a simular problem today.
I whitelisted an ipv4 network in csf.allow, reloaded csf.
Check iptables output afterwards, the network is listed but still blocked.
Did you find a workaround beside rebooting?