Problem with CSF Rules

Posted: 07 Apr 2014, 10:46
by hectorros
Hi!

I have a server with CSF installed and configured (like dozens of others), with port 80 open:

Code:

# Allow incoming TCP ports
TCP_IN = "80,443,8080,1935,8083,514,465,123"

# Allow outgoing TCP ports
TCP_OUT = "80,20,21,22,25,53,110,113,443,8080,1935,8083,512,465,123"

# Allow incoming UDP ports
UDP_IN = "53,1935,465,123"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "53,1935,465,123"
but if I enable the firewall, it starts dropping connections to port 80:

Code:

OS=0x00 PREC=0x00 TTL=59 ID=52185 DF PROTO=TCP SPT=49919 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 
Apr  7 11:33:15 VTS-70-219 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:c1:4c:60:00:d0:00:xx:54:xx:08:00 SRC=xx.155.xx.220 DST=xx.xx.xx.120 LEN=40 TOS=0x00 PREC=0x00 TTL=122 ID=11664 DF PROTO=TCP SPT=63620 DPT=80 WINDOW=260 RES=0x00 ACK FIN URGP=0 
Apr  7 11:33:17 VTS-70-219 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:c1:4c:60:00:d0:00:xx:54:x:08:00 SRC=xx.17.xx.89 DST=xx.xx.xx.120 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=26184 DF PROTO=TCP SPT=51762 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 
Apr  7 11:33:19 VTS-70-219 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:c1:4c:60:00:d0:00:xx:54:xx:08:00 SRC=xx.39.xx.179 DST=xx.xx.xx.120 LEN=60 TOS=0x00 PREC=0x00 TTL=121 ID=30603 DF PROTO=TCP SPT=20104 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 
Apr  7 11:33:21 VTS-70-219 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:c1:4c:60:00:d0:00:xx:54:xx:08:00 SRC=xx.78.xx.213 DST=xx.xx.xx.120 LEN=444 TOS=0x00 PREC=0x00 TTL=120 ID=1248 PROTO=TCP SPT=57877 DPT=80 WINDOW=4356 RES=0x00 ACK PSH URGP=0 
Apr  7 11:33:23 VTS-70-219 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:c1:4c:60:00:d0:00:xx:54:xx:08:00 SRC=xx.121.x.133 DST=xx.xx.xx.120 LEN=64 TOS=0x00 PREC=0x00 TTL=57 ID=43875 DF PROTO=TCP SPT=53800 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 
Apr  7 11:33:25 VTS-70-219 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:c1:4c:60:00:d0:00:xx:54:xx:08:00 SRC=xx.39.xx.179 DST=xx.xx.xx.120 LEN=56 TOS=0x00 PREC=0x00 TTL=121 ID=30666 DF PROTO=TCP SPT=20113 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 
Apr  7 11:33:27 VTS-70-219 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:c1:4c:60:00:d0:00:xx:54:xx:08:00 SRC=xx.29.xx.183 DST=xx.xx.xx.120 LEN=507 TOS=0x00 PREC=0x00 TTL=123 ID=1936 DF PROTO=TCP SPT=49197 DPT=80 WINDOW=251 RES=0x00 ACK PSH URGP=0 
Apr  7 11:33:29 VTS-70-219 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:c1:4c:60:00:d0:00:xx:54:xx:08:00 SRC=xx.59.xx.157 DST=xx.xx.xx.120 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=18016 DF PROTO=TCP SPT=50888 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 
My /etc/csf/csf.deny file is empty, no banned IP.

I don't know what is happening.

The only thing I see that is different from the other servers is that when I start csf, it shows the debug option:

Code:

[root@VTS-70-219 log]# csf -e
debug[582]: Command:/sbin/iptables -v -N LOGDROPIN
debug[583]: Command:/sbin/iptables -v -N LOGDROPOUT
debug[584]: Command:/sbin/iptables -v -N DENYIN
debug[585]: Command:/sbin/iptables -v -N DENYOUT
debug[586]: Command:/sbin/iptables -v -N ALLOWIN
debug[587]: Command:/sbin/iptables -v -N ALLOWOUT
debug[588]: Command:/sbin/iptables -v -N LOCALINPUT
debug[589]: Command:/sbin/iptables -v -N LOCALOUTPUT
debug[609]: Command:/sbin/iptables -v -A LOGDROPIN -p tcp --dport 67 -j REJECT
REJECT  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:67 reject-with icmp-port-unreachable 
debug[610]: Command:/sbin/iptables -v -A LOGDROPIN -p udp --dport 67 -j REJECT
REJECT  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  udp dpt:67 reject-with icmp-port-unreachable 
debug[609]: Command:/sbin/iptables -v -A LOGDROPIN -p tcp --dport 68 -j REJECT
REJECT  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:68 reject-with icmp-port-unreachable 
debug[610]: Command:/sbin/iptables -v -A LOGDROPIN -p udp --dport 68 -j REJECT
REJECT  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  udp dpt:68 reject-with icmp-port-unreachable 
debug[609]: Command:/sbin/iptables -v -A LOGDROPIN -p tcp --dport 111 -j REJECT
REJECT  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:111 reject-with icmp-port-unreachable 
debug[610]: Command:/sbin/iptables -v -A LOGDROPIN -p udp --dport 111 -j REJECT
REJECT  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  udp dpt:111 reject-with icmp-port-unreachable 
debug[609]: Command:/sbin/iptables -v -A LOGDROPIN -p tcp --dport 113 -j REJECT
REJECT  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:113 reject-with icmp-port-unreachable 
debug[610]: Command:/sbin/iptables -v -A LOGDROPIN -p udp --dport 113 -j REJECT

...
If anyone can help, I will be very grateful.

Thanks for all!!
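
A triage helper for the situation in the post above (added here as an example; it is not part of the original post and not csf's own code). It parses csf's kernel "*TCP_IN Blocked*" log lines, reads the TCP_IN list from csf.conf text, and flags blocks on ports that are supposed to be open, separating new connections (SYN only) from mid-stream packets (ACK/FIN/PSH, which csf normally admits through its conntrack ESTABLISHED rule). The log lines and addresses below are constructed samples in the same shape as the post's, not the poster's real hosts.

```python
import re

# Constructed sample input, shaped like the post's csf.conf and kernel log lines.
CSF_CONF = 'TCP_IN = "80,443,8080,1935,8083,514,465,123"\n'
SAMPLE_LOG = """\
Apr  7 11:33:15 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 PROTO=TCP SPT=63620 DPT=80 WINDOW=260 RES=0x00 ACK FIN URGP=0
Apr  7 11:33:17 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=52 PROTO=TCP SPT=51762 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Apr  7 11:33:21 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=192.0.2.12 DST=198.51.100.5 LEN=444 PROTO=TCP SPT=57877 DPT=8081 WINDOW=4356 RES=0x00 ACK PSH URGP=0
"""

TCP_FLAGS = ("SYN", "ACK", "FIN", "PSH", "RST", "URG")


def allowed_tcp_in(conf_text):
    """Return the set of ports listed in TCP_IN; csf ranges written a:b are expanded."""
    m = re.search(r'^TCP_IN\s*=\s*"([^"]*)"', conf_text, re.M)
    ports = set()
    for item in (m.group(1).split(",") if m else []):
        item = item.strip()
        if ":" in item:
            lo, hi = item.split(":")
            ports.update(range(int(lo), int(hi) + 1))
        elif item:
            ports.add(int(item))
    return ports


def parse_block(line):
    """Extract chain name, protocol, destination port and TCP flags from one log line."""
    m = re.search(r"\*(\w+) Blocked\*", line)
    if not m:
        return None
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    tail = line.split("RES=", 1)[-1]  # flag words follow RES=; \b keeps URGP= from matching URG
    flags = tuple(f for f in TCP_FLAGS if re.search(rf"\b{f}\b", tail))
    dpt = int(fields["DPT"]) if "DPT" in fields else None
    return {"chain": m.group(1), "proto": fields.get("PROTO"), "dpt": dpt, "flags": flags}


def triage(log_text, conf_text):
    """Return (port, flags, verdict) for every TCP_IN block, judged against TCP_IN."""
    allowed = allowed_tcp_in(conf_text)
    findings = []
    for line in log_text.splitlines():
        b = parse_block(line)
        if not b or b["chain"] != "TCP_IN":
            continue
        new_conn = "SYN" in b["flags"] and "ACK" not in b["flags"]
        if b["dpt"] not in allowed:
            verdict = "port not in TCP_IN: expected block"
        elif new_conn:
            verdict = "allowed port, new connection blocked: TCP_IN ACCEPT rule not in effect"
        else:
            verdict = "allowed port, mid-stream packet blocked: check the ESTABLISHED/conntrack rule"
        findings.append((b["dpt"], b["flags"], verdict))
    return findings
```

Run `triage(open("/var/log/messages").read(), open("/etc/csf/csf.conf").read())` on the real files; a run of "allowed port" verdicts confirms the ruleset, not csf.deny, is the thing to inspect.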

Re: Problem with CSF Rules

Posted: 19 Apr 2014, 02:43
by 86brown
Have you solved this after all? Having similar issue on recent install.

Re: Problem with CSF Rules

Posted: 19 Apr 2014, 05:09
by Pravakar
Great forum! Thanks for the information on CSF rules. But when I install it, it doesn't work. How can I install it? Please tell me. Thank you.