Unable to open Webmin CSF UI, Debian 8.3
Posted: 08 Apr 2016, 00:55
Greetings, new here but have been using csf for a long time on different servers.
Recently, I have been unable to open the UI for CSF from my Webmin install. Worked previously. Only changes I am aware of were the addition of an SSL certificate, and an update to csf.
Full restart of csf:
root@server5:/home/borg1_vir# csf -ra
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `INVALID'
Flushing chain `INVDROP'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Deleting chain `ALLOWIN'
Deleting chain `ALLOWOUT'
Deleting chain `DENYIN'
Deleting chain `DENYOUT'
Deleting chain `INVALID'
Deleting chain `INVDROP'
Deleting chain `LOCALINPUT'
Deleting chain `LOCALOUTPUT'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
csf: FASTSTART loading DROP no logging (IPv4)
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DENYOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
DENYIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
ALLOWOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
ALLOWIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
csf: FASTSTART loading Packet Filter (IPv4)
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
INVALID tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
INVALID tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
csf: FASTSTART loading csf.deny (IPv4)
csf: FASTSTART loading csf.allow (IPv4)
ACCEPT all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 ctstate RELATED,ESTABLISHED
csf: FASTSTART loading TCP_IN (IPv4)
csf: FASTSTART loading TCP_OUT (IPv4)
csf: FASTSTART loading UDP_IN (IPv4)
csf: FASTSTART loading UDP_OUT (IPv4)
ACCEPT icmp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5
ACCEPT icmp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 icmptype 0
ACCEPT icmp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 icmptype 8
ACCEPT icmp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 icmptype 0 limit: avg 1/sec burst 5
ACCEPT icmp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 icmptype 11
ACCEPT icmp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 icmptype 3
ACCEPT icmp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 icmptype 11
ACCEPT icmp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 icmptype 3
ACCEPT all opt -- in lo out * 0.0.0.0/0 -> 0.0.0.0/0
ACCEPT all opt -- in * out lo 0.0.0.0/0 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
LOGDROPIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
csf: FASTSTART loading DNS (IPv4)
LOCALOUTPUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
LOCALINPUT all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
* lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled)
Active: active (running) since Thu 2016-04-07 23:27:31 GMT; 4ms ago
Process: 4578 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
Main PID: 4581 (lfd - starting)
CGroup: /system.slice/lfd.service
`-4581 lfd - startin
Apr 07 23:27:30 server5 systemd[1]: Unit lfd.service entered failed state.
Of interest are the lines:
INVALID tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
INVALID tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
I think this may be a similar issue to the thread on CentOS before this one. For clarification, I am not referring to the standalone web UI on port 6666; this is the usual UI called from within Webmin.
1. Are previous versions of csf available?
2. I am conversant with the command line but am not a programmer....
As far as I can tell csf and lfd are running:
root@server5:/home/borg1_vir# service csf status && service lfd status
* csf.service - ConfigServer Firewall & Security - csf
Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled)
Active: active (exited) since Thu 2016-04-07 19:45:10 GMT; 4h 9min ago
Process: 15822 ExecStop=/usr/sbin/csf --stop (code=exited, status=0/SUCCESS)
Process: 15818 ExecStop=/usr/sbin/csf --initdown (code=exited, status=0/SUCCESS)
Process: 15835 ExecStart=/usr/sbin/csf --initup (code=exited, status=0/SUCCESS)
Main PID: 15835 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/csf.service
Apr 07 19:45:10 server5 csf[15835]: (restoring iptables)
* lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled)
Active: active (running) since Thu 2016-04-07 23:30:15 GMT; 23min ago
Process: 4952 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
Main PID: 4954 (lfd - sleeping)
CGroup: /system.slice/lfd.service
`-4954 lfd - sleeping
Anyone help with this??
Thanks!