SMTP_Block & Cpanel Updates
Posted: 17 Apr 2007, 19:12
by rootdet
Whenever I have the security settings set to MED or High, I cannot update cPanel, but I can when I set it to low. Why?
SMTP_block also doesn't work; if I set it to med or high I need to go in and disable this because I get an iptables error.
Any ideas on how to fix this?
Posted: 17 Apr 2007, 19:21
by rootdet
Here is the error stuff when I restart:
Restarting csf...
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `INVDROP'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `acctboth'
Deleting chain `INVDROP'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Deleting chain `acctboth'
Restarting bandmin acctboth chains for cPanel
ACCEPT all opt -- in lo out * 0.0.0.0/0 -> 0.0.0.0/0
ACCEPT all opt -- in * out lo 0.0.0.0/0 -> 0.0.0.0/0
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:67
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:67
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:68
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:68
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:111
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:111
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:113
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:113
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpts:135:139
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpts:135:139
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:445
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:445
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:513
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:513
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:520
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:520
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_OUT Blocked* '
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
INVDROP all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 state INVALID
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x3F/0x00
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x3F/0x3F
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x03/0x03
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x06/0x06
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x05/0x05
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x11/0x01
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x18/0x08
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x30/0x20
INVDROP all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 state INVALID
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x3F/0x00
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x3F/0x3F
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x03/0x03
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x06/0x06
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x05/0x05
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x11/0x01
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x18/0x08
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x30/0x20
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DSHIELD all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
Posted: 17 Apr 2007, 19:22
by rootdet
continued
SPAMHAUS all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
REJECT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:25 reject-with icmp-port-unreachable
iptables: No chain/target/match by that name
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:25 OWNER UID match 0
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `DSHIELD'
Flushing chain `INVDROP'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `SPAMHAUS'
Flushing chain `acctboth'
Deleting chain `DSHIELD'
Deleting chain `INVDROP'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Deleting chain `SPAMHAUS'
Deleting chain `acctboth'
Error: iptables command [/sbin/iptables -v -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT] failed, at line 537
...Done.
Restarting lfd...
Stopping lfd:[ OK ]
[ OK ]
Starting lfd:[ OK ]
...Done.
Posted: 18 Apr 2007, 22:24
by chirpy
Are you running on a VPS? If so, then Virtuozzo doesn't support the standard iptables module ipt_owner, so you cannot use the SMTP_BLOCK option and should disable it. If you're not on a VPS, are you running a custom kernel?
Posted: 19 May 2007, 17:50
by Meeven
chirpy wrote: Are you running on a VPS? If so, then Virtuozzo doesn't support the standard iptables module ipt_owner, so you cannot use the SMTP_BLOCK option and should disable it.
Will it be a good idea then to make use of WHM's SMTP_BLOCK and SMTP_ALLOWLOCAL settings at Tweak Security instead of the CSF config? I am on a VPS.
Posted: 25 May 2007, 15:55
by chirpy
There's no point in enabling the setting in WHM as it will simply silently fail and not work as it uses the same iptables rules as csf does.
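A way to confirm the diagnosis in chirpy's two replies before changing SMTP_BLOCK, as an added example that is not part of the thread and is not csf or cPanel code: it pulls the match module out of the failed iptables command in the restart output and checks whether the kernel lists it. The function names, the constructed sample match list and the /proc/vz-without-/proc/bc container heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example. Sample data is constructed, except the two log lines in the
# demo, which are the ones quoted in this thread.

# failed_matches LOG: print each match module (-m NAME) used by an iptables
# command that the csf restart output reports as failed.
failed_matches() {
    sed -n 's/^Error: iptables command \[\(.*\)\] failed.*/\1/p' "$1" |
        tr ' ' '\n' | awk 'prev == "-m" { print } { prev = $0 }' | sort -u
}

# match_available NAME [FILE]: succeed if the kernel lists the match.
# FILE defaults to /proc/net/ip_tables_matches, which shows registered matches
# only; on a dedicated server a missing entry can mean "module not loaded yet".
match_available() {
    grep -qxF "$1" "${2:-/proc/net/ip_tables_matches}" 2>/dev/null
}

# in_vz_container [PROC]: heuristic (assumption of this example):
# /proc/vz present and /proc/bc absent means a Virtuozzo/OpenVZ container.
in_vz_container() {
    [ -d "${1:-/proc}/vz" ] && [ ! -d "${1:-/proc}/bc" ]
}

# smtp_block_check LOG [FILE]: one verdict line per failed match module.
smtp_block_check() {
    for m in $(failed_matches "$1"); do
        if match_available "$m" "$2"; then
            echo "$m: available, look for another cause"
        else
            echo "$m: unavailable, disable the option that needs it"
        fi
    done
}

# Demo on constructed files; on a real server pass the saved restart output
# and omit the second argument.
demo=$(mktemp -d)
cat > "$demo/restart.log" <<'EOF'
iptables: No chain/target/match by that name
Error: iptables command [/sbin/iptables -v -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT] failed, at line 537
EOF
printf '%s\n' state limit tcp udp icmp > "$demo/matches"  # constructed: no "owner"
smtp_block_check "$demo/restart.log" "$demo/matches"
rm -rf "$demo"
```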
Posted: 02 Jun 2007, 01:35
by MACscr
Please remove, wrong forum.