open ports still blocked
Posted: 24 Aug 2023, 12:54
I am using CSF on Debian 11 server, I installed Wazuh agent and I opened ports 1514 and 1515 in TCP OUT in csf.conf and in csf.allow
restart the CSF by csf -ra, also I used csf -f m but the ports still clocked and I see this in syslog
Aug 24 11:46:16 dns kernel: [48646279.184584] Firewall: *TCP_OUT Blocked* IN= OUT=ens5 SRC=172.31.31.157 DST=X.X.X.X LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48959 DF PROTO=TCP SPT=48978 DPT=1515 WINDOW=62727 RES=0x00 SYN URGP=0 UID=112 GID=120
Aug 24 11:46:17 dns kernel: [48646280.223646] Firewall: *TCP_OUT Blocked* IN= OUT=ens5 SRC=172.31.31.157 DST=X.X.X.X LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48960 DF PROTO=TCP SPT=48978 DPT=1515 WINDOW=62727 RES=0x00 SYN URGP=0 UID=112 GID=120
any suggestions
Thanks in advance
restart the CSF by csf -ra, also I used csf -f m but the ports still clocked and I see this in syslog
Aug 24 11:46:16 dns kernel: [48646279.184584] Firewall: *TCP_OUT Blocked* IN= OUT=ens5 SRC=172.31.31.157 DST=X.X.X.X LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48959 DF PROTO=TCP SPT=48978 DPT=1515 WINDOW=62727 RES=0x00 SYN URGP=0 UID=112 GID=120
Aug 24 11:46:17 dns kernel: [48646280.223646] Firewall: *TCP_OUT Blocked* IN= OUT=ens5 SRC=172.31.31.157 DST=X.X.X.X LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48960 DF PROTO=TCP SPT=48978 DPT=1515 WINDOW=62727 RES=0x00 SYN URGP=0 UID=112 GID=120
any suggestions
Thanks in advance