ConfigServer Community Forum

Hello,

We are unable to reach the websites on the server when csf is enabled. Upon checking, the ip is not blocked as per lfd.log. However "/var/log/messages" has full of similar messages as below:.


--------------------------------------------------
Sep 10 05:14:59 eeg kernel: [2144786.604936] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=fa:16:3e:a8:d8:45:00:1c:73:57:7f:c5:08:00 SRC=185.81.xxx.xxx DST=yyy.yyy.23.46 LEN=60 TOS=0x08 PREC=0x20 TTL=47 ID=36972 DF PROTO=TCP SPT=58396 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 10 05:15:03 eeg kernel: [2144790.948329] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=fa:16:3e:a8:d8:45:00:1c:73:57:7b:97:08:00 SRC=185.81.xxx.xxx DST=yyy.yyy.23.46 LEN=60 TOS=0x08 PREC=0x20 TTL=47 ID=61953 DF PROTO=TCP SPT=40971 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
-------------------------------------------------

As you can see, for some reasons, the incoming connections are being dropped. If I disable the csf firewall, the problem stops.

OS: CentOS release 6.8
cPanel: 11.58.0.27

I am not sure what parameter to tweak. Both connection tracker and synflood is disabled.

Any suggestions is appreciated.

Abdul.

Check the following:
ETH_DEVICE_SKIP = eth0

Hi,

Thank you for your reply.

Would adding "ETH_DEVICE_SKIP = eth0" stop all the purpose of CSF?. Will the brute force and other connections checking will work after adding that?.

Abdul