ConfigServer Community Forum

Hi,

I set rules on CSF v6.47 and close ports on a dedicated running CENTOS 5.10 and WHM 11.40.1 with mod_security configured, all was working normally until lfd crashed and started sending notifications every 5 minutes attempting the automagicaly restarts and failures.

Actual Situation:

CSF is running on this machine
Do NOT flush the firewall

root@server [~]#
root@server [~]# /etc/init.d/lfd restart
Stopping lfd: [ OK ]
Starting lfd:
Error: You have an unresolved error when starting csf. You need to restart csf s uccessfully before starting lfd (see /etc/csf/csf.error)
[ OK ]

root@server [~]# /etc/csf/csftest(dot)pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

CSF Error log:

root@server [~]# cat /etc/csf/csf.error
Error: Error processing command for line [1854] (6 times): [iptables: Unknown error 4294967295], at line 1854 in /usr/sbin/csf

Any Help Please, i am stuck. Thanks

By the way line 1854 of csf reads:

root@server [~]# sed -n '1854p' /etc/csf/csf(dot)pl

&syscommand(__LINE__,"$config{IPTABLES} $verbose -A INPUT $ethdevin -p tcp $statemodule NEW --dport $port -j $accept");

How many rules your CSF.DENY has?
Have you made any manual modifications to that file?
What happens if you restart CSF?

Hi,

CSF was working fine until I configured dns reverse and closed some unused ports.

i have 100 entries in CSF.DENY, i made it 200 which max. I went back to CSF config in WHM and made other changes on ports and i noticed a new error which is:

Error processing command for line [1875] (6 times): [iptables: Unknown error 4294967295], at line 1875

When i restart CSF, last lines that displays are:

ACCEPT tcp opt in !lo out * ::/0 -> ::/0 tcp dpt:22
ACCEPT tcp opt in !lo out * ::/0 -> ::/0 tcp dpt:25
ACCEPT tcp opt in !lo out * ::/0 -> ::/0 tcp dpt:53
ACCEPT tcp opt in !lo out * ::/0 -> ::/0 tcp dpt:80
ACCEPT tcp opt in !lo out * ::/0 -> ::/0 tcp dpt:110
ACCEPT tcp opt in !lo out * ::/0 -> ::/0 tcp dpt:143
ACCEPT tcp opt in !lo out * ::/0 -> ::/0 tcp dpt:443
ACCEPT tcp opt in !lo out * ::/0 -> ::/0 tcp dpt:465
ACCEPT tcp opt in !lo out * ::/0 -> ::/0 tcp dpt:587
ACCEPT tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 state NEW tcp dpt:20
iptables: Unknown error 4294967295
ACCEPT tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 state NEW tcp dpt:21
Error: Error processing command for line [1875] (6 times): [iptables: Unknown error 4294967295], at line 1875

Thanks a lot