Global allow rules partially applied on CentOS 7 servers
Posted: 29 Nov 2016, 12:41
I have noticed that my global allow rules are applying correctly to all CentOS 6 servers, but on CentOS 7 servers global allow rules are being applied partially.
By partially, I mean that /var/lib/csf/csf.gallow contains only between 30% and 60% of the rules (rules are chopped off at random lines on each affected server) and in /var/log/lfd.log I regularly see the "iptables appears to have been flushed - running *csf startup*..." message:
Code:
Nov 29 13:01:00 server-3 lfd[705311]: Global Allow - retrieved and allowing IP address ranges
Nov 29 13:01:20 server-3 lfd[357879]: iptables appears to have been flushed - running *csf startup*...
Nov 29 13:01:20 server-3 lfd[705311]: csf is currently restarting - command [/sbin/iptables -A NEWGALLOWIN -i eno+ -p tcp -s XXX.XXX.XXX.XXX/23 --dport 21 -j ACCEPT] skipped on line 6965
The iptables rule mentioned in the logs is different on each server and each time the automatic rules update occurs. The only thing that's the same across all affected servers is the last part of the message, "...skipped on line 6965".
LF_GLOBAL is set to 3600 and the mentioned problem appears at random times on random CentOS 7 servers. The problem keeps repeating almost every time global rules are automatically updated:
Code:
root@server-3 [~]# grep -i flushed /var/log/lfd.log
Nov 27 04:00:26 server-3 lfd[865786]: iptables appears to have been flushed - running *csf startup*...
Nov 27 06:00:41 server-3 lfd[865786]: iptables appears to have been flushed - running *csf startup*...
Nov 27 07:00:53 server-3 lfd[865786]: iptables appears to have been flushed - running *csf startup*...
Nov 27 08:01:06 server-3 lfd[865786]: iptables appears to have been flushed - running *csf startup*...
Nov 27 10:01:22 server-3 lfd[865786]: iptables appears to have been flushed - running *csf startup*...
Nov 27 11:01:34 server-3 lfd[865786]: iptables appears to have been flushed - running *csf startup*...
Nov 27 12:01:47 server-3 lfd[865786]: iptables appears to have been flushed - running *csf startup*...
Nov 27 14:02:00 server-3 lfd[865786]: iptables appears to have been flushed - running *csf startup*...
Nov 27 15:02:12 server-3 lfd[865786]: iptables appears to have been flushed - running *csf startup*...
Nov 27 16:02:24 server-3 lfd[865786]: iptables appears to have been flushed - running *csf startup*...
Nov 27 19:02:39 server-3 lfd[865786]: iptables appears to have been flushed - running *csf startup*...
Nov 27 20:02:51 server-3 lfd[865786]: iptables appears to have been flushed - running *csf startup*...
Nov 27 22:03:03 server-3 lfd[865786]: iptables appears to have been flushed - running *csf startup*...
Nov 27 23:03:16 server-3 lfd[865786]: iptables appears to have been flushed - running *csf startup*...
Nov 28 04:00:25 server-3 lfd[730386]: iptables appears to have been flushed - running *csf startup*...
Nov 28 06:00:38 server-3 lfd[730386]: iptables appears to have been flushed - running *csf startup*...
Nov 28 09:00:52 server-3 lfd[730386]: iptables appears to have been flushed - running *csf startup*...
Nov 28 10:01:05 server-3 lfd[730386]: iptables appears to have been flushed - running *csf startup*...
Nov 28 11:01:21 server-3 lfd[730386]: iptables appears to have been flushed - running *csf startup*...
Nov 28 12:01:33 server-3 lfd[730386]: iptables appears to have been flushed - running *csf startup*...
Nov 28 14:01:47 server-3 lfd[730386]: iptables appears to have been flushed - running *csf startup*...
Nov 28 15:01:59 server-3 lfd[730386]: iptables appears to have been flushed - running *csf startup*...
Nov 28 16:02:13 server-3 lfd[730386]: iptables appears to have been flushed - running *csf startup*...
Nov 28 18:02:26 server-3 lfd[730386]: iptables appears to have been flushed - running *csf startup*...
Nov 28 20:02:41 server-3 lfd[730386]: iptables appears to have been flushed - running *csf startup*...
Nov 28 21:02:53 server-3 lfd[730386]: iptables appears to have been flushed - running *csf startup*...
Nov 28 23:03:05 server-3 lfd[730386]: iptables appears to have been flushed - running *csf startup*...
Nov 29 04:00:25 server-3 lfd[357879]: iptables appears to have been flushed - running *csf startup*...
Nov 29 05:00:37 server-3 lfd[357879]: iptables appears to have been flushed - running *csf startup*...
Nov 29 08:00:50 server-3 lfd[357879]: iptables appears to have been flushed - running *csf startup*...
Nov 29 11:01:05 server-3 lfd[357879]: iptables appears to have been flushed - running *csf startup*...
Nov 29 13:01:20 server-3 lfd[357879]: iptables appears to have been flushed - running *csf startup*...
At the moment, I'm able to temporarily resolve the problem by restarting the LFD service, but the problem keeps coming back after a random number of hours.
I have ruled out the web server that serves global allow rules as the culprit because:
1. not a single CentOS 6 server is affected, only CentOS 7 servers are
2. in the access logs I can clearly see that affected servers have downloaded the complete file with global allow rules (response code was "200 OK" and transferred bytes are correct)
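An added triage script, not from the post or from the CSF project, that reads lfd.log lines in the format shown above, pairs each "Global Allow - retrieved" event with a "flushed" restart inside a time window, collects the rules lfd reported as skipped, and separately lists flushes that no global-rule update explains. The sample lines and the 192.0.2.0/23 range are constructed, and the log year is an assumption because syslog timestamps carry none.

```python
import re
from datetime import datetime

# Constructed sample modelled on the lfd.log excerpt in the post (placeholder range, not real data).
SAMPLE_LOG = """\
Nov 29 13:01:00 server-3 lfd[705311]: Global Allow - retrieved and allowing IP address ranges
Nov 29 13:01:20 server-3 lfd[357879]: iptables appears to have been flushed - running *csf startup*...
Nov 29 13:01:20 server-3 lfd[705311]: csf is currently restarting - command [/sbin/iptables -A NEWGALLOWIN -i eno+ -p tcp -s 192.0.2.0/23 --dport 21 -j ACCEPT] skipped on line 6965
Nov 29 15:02:10 server-3 lfd[357879]: iptables appears to have been flushed - running *csf startup*...
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ lfd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SKIP_RE = re.compile(r"command \[(?P<cmd>[^\]]*)\] skipped on line (?P<line>\d+)")
FLUSHED = "appears to have been flushed"
RETRIEVED = "Global Allow - retrieved"

def parse(log_text, year=2016):
    """Yield (timestamp, pid, message) per lfd.log line; the year is assumed (syslog omits it)."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, int(m["pid"]), m["msg"]

def find_interrupted_global_allow(log_text, window_seconds=300, year=2016):
    """One record per Global Allow retrieval followed by a 'flushed' restart within the window.
    Skipped rules are attributed by pid: the Global Allow child (705311 above) logs them,
    while the flush notice comes from the parent lfd (357879 above)."""
    events = list(parse(log_text, year))
    findings = []
    for i, (ts, pid, msg) in enumerate(events):
        if not msg.startswith(RETRIEVED):
            continue
        rec = {"retrieved_at": ts, "gallow_pid": pid, "flushed_at": None, "skipped": []}
        for later_ts, later_pid, later_msg in events[i + 1:]:
            if (later_ts - ts).total_seconds() > window_seconds:
                break
            if FLUSHED in later_msg:
                rec["flushed_at"] = later_ts
            s = SKIP_RE.search(later_msg)
            if s and later_pid == pid:
                rec["skipped"].append((int(s["line"]), s["cmd"]))
        if rec["flushed_at"] is not None:
            findings.append(rec)
    return findings

def unexplained_flushes(log_text, window_seconds=300, year=2016):
    """Flush restarts with no Global Allow retrieval in the preceding window; these point at
    something other than the global-rule update clearing iptables."""
    events = list(parse(log_text, year))
    return [ts for i, (ts, _, msg) in enumerate(events) if FLUSHED in msg and not any(
        m.startswith(RETRIEVED) and 0 <= (ts - t).total_seconds() <= window_seconds
        for t, _, m in events[:i])]
```

Run it against the real file with `find_interrupted_global_allow(open("/var/log/lfd.log").read())`; a retrieval-to-flush gap of a few seconds on every LF_GLOBAL cycle, as in the post, separates this pattern from flushes caused by other tooling.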