IP address blocked after a while
Posted: 16 Dec 2024, 12:47
Hi there,
We allow remote MySQL access for specific IP adress, by adding a rule to the csf.allow file as following;
d=3306|s=<ip_address> #
This has been working fine for a couple of years now.
However, since a few days we got multiple complaints that MySQL access is blocked. When checking the logs I see these entries; indicating that the port is blocked. I have seen multiple cases of this, on seperate servers.
Dec 16 13:20:29 server kernel: Firewall: *TCP_IN Blocked* IN=public_ipv4 OUT= MAC=***********************:***************** SRC=************* DST=************ LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=39336 DF PROTO=TCP SPT=38626 DPT=3306 WINDOW=42340 RES=0x00 SYN URGP=0
Restarting CSF solves the issue, but it usually comes back after a couple of days. I cannot find any log details on why the IP address was blocked in the first place, which is the case when an IP address is blocked by cphulk for example.
This is a CloudLinux 8 server, running cPanel.
Is this a bug in a new version of CSF, or is there anything else I am missing?
Thanks!
We allow remote MySQL access for specific IP adress, by adding a rule to the csf.allow file as following;
d=3306|s=<ip_address> #
This has been working fine for a couple of years now.
However, since a few days we got multiple complaints that MySQL access is blocked. When checking the logs I see these entries; indicating that the port is blocked. I have seen multiple cases of this, on seperate servers.
Dec 16 13:20:29 server kernel: Firewall: *TCP_IN Blocked* IN=public_ipv4 OUT= MAC=***********************:***************** SRC=************* DST=************ LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=39336 DF PROTO=TCP SPT=38626 DPT=3306 WINDOW=42340 RES=0x00 SYN URGP=0
Restarting CSF solves the issue, but it usually comes back after a couple of days. I cannot find any log details on why the IP address was blocked in the first place, which is the case when an IP address is blocked by cphulk for example.
This is a CloudLinux 8 server, running cPanel.
Is this a bug in a new version of CSF, or is there anything else I am missing?
Thanks!