Hi,
I would like to know if I can change the action of BLOCK to DROP in cpanel csf. This is because there is currently a web service outage happening once in a while on my cpanel server, and after cpanel support checked, they suspect that the csf firewall may be the cause of the problem and suggested that we change the action from Block to Drop. Below are some example log records that they found in the cpanel messages log:
Jul 21 08:30:21 cp01 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:78:54:2e:1f:16:09:08:00 SRC=xxx.xxx.xxx.xxx DST=255.255.255.255 LEN=345 TOS=0x00 PREC=0x00 TTL=64 ID=15104 DF PROTO=UDP SPT=62976 DPT=62976 LEN=325
Jul 21 08:30:46 cp01 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:27:f7:ef:00:1b:21:9f:21:b8:08:00 SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=256 PROTO=TCP SPT=13620 DPT=5901 WINDOW=16384 RES=0x00 SYN URGP=0
Jul 21 08:30:46 cp01 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:27:f7:ef:00:1b:21:9f:21:b8:08:00 SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=256 PROTO=TCP SPT=13717 DPT=5901 WINDOW=16384 RES=0x00 SYN URGP=0
Changing BLOCK to DROP for cpanel csf
- Junior Member (Posts: 1, Joined: 23 Jul 2015, 09:49)
- Moderator (Posts: 1524, Joined: 01 Oct 2008, 09:24)
Re: Changing BLOCK to DROP for cpanel csf
There is no such thing as a BLOCK target for iptables. csf is configured by default to use the DROP target unless you have manually set the "DROP" option in /etc/csf/csf.conf to something else. It would appear that the cpanel support person you spoke to either was misunderstood or does not understand iptables.
The logs you posted simply show IP SRC=xxx.xxx.xxx.xxx trying to connect to server DST=xxx.xxx.xxx.xxx on port 5901 on the server and iptables dropping the connection, probably because port 5901 is not open in TCP_IN.
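As an added example (not code from the thread or from csf itself), here is a small POSIX shell helper that reads the DROP and TCP_IN/UDP_IN settings out of csf.conf-style text and explains each "Firewall: *TCP_IN Blocked*" kernel line by whether its destination port appears in the matching allow list. The config values, hostnames and addresses are constructed samples; on a live server you would read /etc/csf/csf.conf and /var/log/messages instead.

```shell
# Constructed sample of the csf.conf settings that matter here (hypothetical values,
# not a real server's file; on a live box you would read /etc/csf/csf.conf instead).
CSF_CONF_SAMPLE='DROP = "DROP"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2082,2083,2086,2087,2095,2096"
UDP_IN = "20,21,53"'

# Constructed log lines in the same format as the ones quoted in the post.
LOG_SAMPLE='Jul 21 08:30:21 cp01 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.5 DST=255.255.255.255 PROTO=UDP SPT=62976 DPT=62976 LEN=325
Jul 21 08:30:46 cp01 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=13620 DPT=5901 SYN URGP=0'

# csf_setting NAME CONF: print the value of the line NAME = "..." in CONF.
csf_setting() {
    printf '%s\n' "$2" | sed -n "s/^$1 *= *\"\([^\"]*\)\".*/\1/p"
}

# port_allowed PORT LIST: succeed if PORT is in the comma-separated LIST (a:b ranges allowed).
port_allowed() {
    port=$1
    for item in $(printf '%s' "$2" | tr ',' ' '); do
        case $item in
            *:*) [ "$port" -ge "${item%%:*}" ] && [ "$port" -le "${item##*:}" ] && return 0 ;;
            *)   [ "$port" -eq "$item" ] && return 0 ;;
        esac
    done
    return 1
}

# explain_line LOGLINE CONF: print "CHAIN PROTO/DPT verdict", where the verdict says
# whether the destination port is listed in that chain's allow list from CONF.
explain_line() {
    chain=$(printf '%s' "$1" | sed -n 's/.*Firewall: \*\([A-Z_]*\) Blocked\*.*/\1/p')
    proto=$(printf '%s' "$1" | sed -n 's/.*PROTO=\([A-Z]*\).*/\1/p')
    dport=$(printf '%s' "$1" | sed -n 's/.*DPT=\([0-9]*\).*/\1/p')
    if port_allowed "$dport" "$(csf_setting "$chain" "$2")"; then
        printf '%s %s/%s listed-in-%s\n' "$chain" "$proto" "$dport" "$chain"
    else
        printf '%s %s/%s not-in-%s\n' "$chain" "$proto" "$dport" "$chain"
    fi
}

# Walk the sample: the iptables target csf uses is whatever DROP is set to (DROP by
# default), and each blocked line is explained by its port missing from TCP_IN / UDP_IN.
echo "csf target: $(csf_setting DROP "$CSF_CONF_SAMPLE")"
printf '%s\n' "$LOG_SAMPLE" | while IFS= read -r line; do
    explain_line "$line" "$CSF_CONF_SAMPLE"
done
```

Run it against your own csf.conf and messages log to confirm that the "Blocked" entries are ordinary drops of ports you never opened, not a firewall fault.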