
Does CSF override iptables rules?

Posted: 29 Nov 2013, 18:27
by michaelmac
My server is CentOS 5.6. I use Webmin to manage it. I have csf installed (can't remember if I installed it or what but it's version 6.37), but haven't been using it. I just use the Linux Firewall configuration tool in Webmin. However, my rules do not appear to be effective (working). In the csf configuration of Webmin, when I click on the "View iptables Rules" button, it appears that none of my rules are in there (I'm doing some IP allows/denys).

So, does csf being installed and running keep the "regular" iptables from running, or perhaps prevent or change Webmin's "Linux Firewall" configuration tool to not work?

csf looks very interesting, and I might use it, but I wanted to know this bit of very fundamental information first. I have searched the forums and Google, but haven't found anything to answer my question. I'm a firm believer in doing my own reading/research, so feel free to just point me to the information.

Thanks for your help!

Prevent CSF from deleting all the current iptables rules

Posted: 06 Mar 2014, 18:21
by cmerola
I am wondering the exact same thing. I installed this in our development area, when I noticed the install of CSF wiped all of my previous iptables rules. Considering we are a major hosting company that does a lot of virtual hosting, we have many, many rules in place on this web load balancer, especially mangle tables. Therefore it would be unfeasible to manually re-enter all of these rules. But I really would like to make this work for us.

Is there a way to prevent CSF from deleting all the current iptables rules in place during the CSF loading process, and have the entries coincide in harmony? :confused:

Updated note: all iptables rules are wiped upon the starting or restarting of the csf service.


fyi: not trying to hijack the thread, it appears we have the same issue and wanted to keep it consolidated rather than making duplicate threads.

--EDIT (Update)
Since no one from the CSF team ever chimed in, this is what I found out.
CSF overrides iptables completely, because when you start CSF it appears that it wipes all current rules and ignores your standard iptables rules. HOWEVER, it is possible to add custom rules to CSF.

CSF provides pre and post scripts which execute before or after the CSF service starts or restarts.
csfpre(dot)sh: To run external commands before csf configures iptables
csfpost(dot)sh: To run external commands after csf configures iptables
Reference Example: [url]http://tecadmin(dot)net/add-custom-iptables-rules-with-csf/#[/url]
(sorry for the dot, I'm not allowed to post URL links yet)

In my case, I made a copy of all my current iptables rules pre-csf running (including mangle tables) and divided them in the correct fashion between csfpre sh and csfpost sh depending on how the rules needed to have more priority to prevent conflicts, obviously.

Hope that helps :D
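
Added example (not part of the posts above and not CSF's own code): one way to turn a saved `iptables-save` dump into plain `iptables` commands that can be divided between the pre and post scripts described in the last post. The function names `save_to_cmds` and `sample_dump` and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Convert an `iptables-save` dump (stdin) into iptables commands (stdout).
# Usage: save_to_cmds [table]    e.g.  save_to_cmds mangle < rules.dump
# Built-in chain policies are skipped on purpose: csf sets those itself.
save_to_cmds() {
    awk -v want="${1:-}" '
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }         # drop counters from "-c" dumps
        /^#/ || /^COMMIT/ || /^[ \t]*$/ { next }   # comments, COMMIT, blank lines
        /^\*/ { table = substr($0, 2); next }      # "*mangle" opens a table section
        want != "" && table != want { next }       # optional single-table filter
        /^:/ {
            # ":CHAIN POLICY [pkts:bytes]"; policy "-" marks a user-defined chain,
            # which must exist before any rule can jump to it.
            if ($2 == "-")
                printf "iptables -t %s -N %s 2>/dev/null || true\n", table, substr($1, 2)
            next
        }
        /^-A / { printf "iptables -t %s %s\n", table, $0 }
    '
}

# Constructed sample dump, standing in for output saved before csf was started.
sample_dump() {
cat <<'EOF'
# Generated by iptables-save (constructed sample)
*mangle
:PREROUTING ACCEPT [0:0]
:MARK_WEB - [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK_WEB
-A MARK_WEB -j MARK --set-mark 0x1
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.10/32 -j ACCEPT
COMMIT
EOF
}

# Print only the mangle rules, ready to review and paste into the chosen script.
sample_dump | save_to_cmds mangle
```

Review the generated lines before using them: rules in the filter table share chains with the rules csf creates, so their order relative to csf's own rules decides which one matches first.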