csf fails after kernel upgrade; "couldn't load target LOGDROPIN"

[ajkessel]

A VPS I admin recently needed to upgrade from a 2.4 series kernel to 3.12.27. It appears that csf/lfd are no longer working to do any iptables firewall filtering. When I try to add an address with csf -d, I get this error:

Code: Select all

# csf -d xxx.xxx.xxx.xxx
Adding xxx.xxx.xxx.xxx to csf.deny and iptables DROP...
iptables v1.4.21: Couldn't load target `LOGDROPIN':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name.
DROP  all opt -- in * out !lo  0.0.0.0/0  -> xxx.xxx.xxx.xxx 

And when I run iptables -L, all tables are empty:

Code: Select all

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

I understand iptables is being phased out, but I thought it should still work with a compatibility layer in 3.12. Can someone point me in the right direction to get csf filtering back in place on this new kernel?

[ajkessel]

I should note the following as well:

Code: Select all

# /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

[ajkessel]

Turns out this was entirely unrelated -- the default SYSTEMCTL in csf.conf doesn't match Debian standard, so csf/lfd weren't starting at all. Fixing SYSTEMCTL fixed the entire problem.