New SMTP_BLOCK Feature

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
knuckles
Junior Member
Posts: 12
Joined: 06 Jul 2007, 19:22
Location: Washington DC

New SMTP_BLOCK Feature

Post by knuckles »

Heya Chirpy,

Thanks for your continued work on this fabulous piece of software!

We've received a number of reports today from clients whose CSF/LFD won't restart due to the following error:

Error: iptables command [/sbin/iptables -v -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT] failed, you appear to be missing a required iptables module, at line 332

We fix this by disabling SMTP_BLOCK in the CSF configuration, and realize it is in regard to the CSF update that occurred today.

We are running one of the latest stable VZ4 kernels on our host nodes. Is there any way to have this new feature set as a toggle of some sort that is disabled by default? Edit: Or perhaps check against this kernel module before enabling this? I fear there are a large number of people who have not noticed this problem whose CSF is not functional at this time.

Thanks!
Jim
ServInt
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

Hi Jim,

SMTP_BLOCK is disabled by default in csf.

As you know, one of the main problems on the VPS client is the inability to determine which iptables kernel modules are available (as is the case for any monolithic kernel) and it makes it impossible to determine whether such iptables features will work.

Having said that, I've just been searching for information on the Parallels and OpenVZ site and cannot find any information about ipt_owner being added to the latest stable kernel.

Edit: Thinking about it some more, I'll put a test in to see if ipt_owner works and if not disable the option when starting csf. This way, if the iptables command works, all is OK. If it fails, csf will still start without errors but with SMTP_BLOCK disabled.
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

I've released v4.38 which should resolve this issue. It tests an ipt_owner iptables command; if that command fails, it then disables SMTP_BLOCK and continues to start normally.
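
The fallback described in the two posts above (probe the owner match first, start with SMTP_BLOCK disabled if the probe fails), shown as an added shell example; it is not part of the thread and is not csf's own code. The function names and the `IPTABLES` variable are hypothetical; the rule is the one quoted in the error message.

```shell
#!/bin/sh
# Added example, not csf's code. IPTABLES, owner_match_works and
# effective_smtp_block are hypothetical names chosen for illustration.
IPTABLES="${IPTABLES:-/sbin/iptables}"

# The owner-match rule from the error message: root may connect to port 25.
OWNER_RULE="OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT"

# Return 0 if the kernel accepts an owner-match rule, 1 otherwise.
# On success the probe rule is deleted again so the ruleset is unchanged.
owner_match_works() {
    # Word splitting of OWNER_RULE is intended here.
    if $IPTABLES -I $OWNER_RULE >/dev/null 2>&1; then
        $IPTABLES -D $OWNER_RULE >/dev/null 2>&1
        return 0
    fi
    return 1
}

# Print the SMTP_BLOCK value to actually use. A requested "1" is kept only
# when the probe succeeds; otherwise the feature is switched off with a
# warning on stderr, so firewall startup can continue instead of aborting.
effective_smtp_block() {
    requested="$1"
    if [ "$requested" != "1" ]; then
        echo 0
        return 0
    fi
    if owner_match_works; then
        echo 1
    else
        echo "owner match unavailable, SMTP_BLOCK disabled" >&2
        echo 0
    fi
}

# Usage in a startup script:
#   SMTP_BLOCK=$(effective_smtp_block "$SMTP_BLOCK")
```

The warning on stderr matters operationally: a silent fallback leaves outbound port 25 unrestricted while the configuration file still says SMTP_BLOCK is on.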
knuckles
Junior Member
Posts: 12
Joined: 06 Jul 2007, 19:22
Location: Washington DC

Post by knuckles »

Thanks, Chirpy. Works great!