[SOLVED] How to stop CSF from removing my custom rules?

[prixone]

I have the following rules:

Code: Select all

# vpn ip to specific server ip
iptables -t nat -A POSTROUTING -s 10.8.0.5/32 -j SNAT --to-source XXX.XXX.XXX.2
iptables -t nat -A POSTROUTING -s 10.8.0.9/32 -j SNAT --to-source XXX.XXX.XXX.3
iptables -t nat -A POSTROUTING -s 10.8.0.13/32 -j SNAT --to-source XXX.XXX.XXX.4
iptables -t nat -A POSTROUTING -s 10.8.0.17/32 -j SNAT --to-source XXX.XXX.XXX.5
iptables -t nat -A POSTROUTING -s 10.8.0.21/32 -j SNAT --to-source XXX.XXX.XXX.6
# Accept input on tun0
iptables -A INPUT -i tun0 -j ACCEPT
# vpn to vpn
iptables -A FORWARD -i tun0 -o tun0 -j ACCEPT
# vpn to ethernet
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
# ethernet to vpn
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
# Accept output on tun0
iptables -A OUTPUT -o tun0 -j ACCEPT

Set on the file csfpre.sh but after certain amount of time CSF will simple remove these rules from my live iptables, how can I stop it from doing that? XXX is my actual IP's which I removed for obvious reasons.

I further have the netblock 10.8.0.0 whitelisted.

I identified the issue by issuing a iptables-save before and after...

-- UPDATE

Just found this thread https://forum.configserver.com/viewtopi ... 931#p26857 which seems interesting, I will try that and report in case this happens again.

[prixone]

OK, took awhile to verify this while waiting for an update to happen, but yes, this fixed the issue and rules are now properly being placed back in after an update.