
Blocking with no logs?

Posted: 22 Dec 2008, 16:24
by mistaneat
I've seen a lot of reports of clients being blocked by the firewall, yet there are no logs that LFD ever blocked that IP. Messenger service is being used. Synflood is off. Any reason why blocks would be occurring with no logs indicating so?

Posted: 24 Dec 2008, 15:21
by chirpy
You would need to use the grep function of csf to see if an IP address is blocked and where. The only place an IP address could be blocked in iptables and not appear in iptables explicitly (or implicitly in a CIDR range) is if you use the latest ipt_recent option PORTFLOOD. Apart from that, or inclusion in one of the BLOCKLISTS, lfd will always log in lfd.log when it adds an IP address to iptables.

The only other likely cause is if you have anything else that blocks connections, e.g. cPHulk on cPanel.
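An added example, not part of the original posts and not csf's own code: one way to check whether an address is covered by a blocking rule explicitly or implicitly through a CIDR range, and whether a log mentions it. It assumes rules in `iptables -S` format; the chain names, addresses and log lines are constructed samples, and real lfd.log wording may differ.

```python
import ipaddress
import re

# Constructed sample in `iptables -S` format; chain names are illustrative.
SAMPLE_RULES = """\
-A DENYIN -s 198.51.100.7/32 ! -i lo -j DROP
-A DENYIN -s 203.0.113.0/24 ! -i lo -j DROP
-A ALLOWIN -s 192.0.2.10/32 ! -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""

# Constructed log lines; the real lfd.log wording may differ.
SAMPLE_LOG = """\
Dec 22 16:01:12 host lfd[2211]: 198.51.100.7 blocked (constructed line)
Dec 22 16:05:40 host lfd[2211]: 198.51.100.77 blocked (constructed line)
"""

BLOCK_TARGETS = {"DROP", "REJECT"}
# Chain, source/destination network, and target of an appended rule.
RULE_RE = re.compile(r"^-A (\S+) .*?(?:-s|-d) (\S+) .*-j (\S+)")


def find_blocking_rules(rules_text, ip):
    """Return (chain, network, kind) for each DROP/REJECT rule covering ip."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if not m or m.group(3) not in BLOCK_TARGETS:
            continue
        try:
            net = ipaddress.ip_network(m.group(2), strict=False)
        except ValueError:
            continue  # not an address match (e.g. a hostname); skip it
        if addr.version == net.version and addr in net:
            kind = "explicit" if net.num_addresses == 1 else "cidr"
            hits.append((m.group(1), str(net), kind))
    return hits


def log_lines_for(log_text, ip):
    """Return log lines that mention ip as a whole address, not as a prefix."""
    pat = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?!\d)")
    return [line for line in log_text.splitlines() if pat.search(line)]
```

An address that matches only a `cidr` rule will not turn up when the log is searched for the single address, so the covering network has to be searched for as well.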

Posted: 24 Dec 2008, 21:03
by mistaneat
The messenger service is reporting the block to the end user, so I assume that it is a CSF/LFD related block rather than another service. CSF/LFD doesn't modify existing iptables blocks to forward as far as I'm aware. (CPhulkd is also disabled).

The blocks are temporary blocks because when we go to examine the issue, the IP is no longer blocked. Checking the logs also reveals nothing. PORTFLOOD is not being used. None of the block lists (BOGON, Spamhaus, or DSHIELD) are enabled. So the issue is quite odd.

Let me know if you have any additional ideas as to what could be causing these occasional temporary block issues.