what happened if I allow all port and IP traffic to my server and than add some IP to the deny list?
will it allow them all which are in deny list or not?
Not really sure why, but I tend to find scrolling breaks in the webmin module once you hit firewall configuration and the only way to scoll through the configuration is to click that window and use the page up/ page down keys on the keyboard.
Well that's in Firefox, in Chrome I can't even do that which makes CSF prestty unusable
cPanel introduced a check for the Dovecot LMTP process that connects as root to 127.0.0.1 on the socket /var/run/dovecot/lmtp.
How exactly would you whitelist something like this in CSF? Have been searching for the last half hour, and am not seeing anything. Maybe I am just overlooking things, but am really confused at this point.
cPanel says ... To resolve this issue, either open...
Hello,
Since some time we are getting Suspicious process running under user mailnull notifications. I include the notification below. We restarted Exim, but without any luck.
The process itself is:
PID: 7992 (Parent PID:7922)
Account: mailnull
Should we kill this process or are there any other things we could do?
Hello ,
we're having multiple instances of csf installed, one of them ( server name: A30 ) reports a error:
lfd on A30: SYSLOG Check Failed
Error: Failed to detect code in SYSLOG_LOG
SYSLOG may not be running correctly on A30
Above mentioned file exists, csf can read/write to it.
Manual search for control string finds it:
# cat /var/log/syslog | grep hpi8op2eMzu93Rjbb6rdE4t
1...
Is there way where we can limit out going emails per email per hour . Say from Webmail / Pop3 email1@domain.com, email2@domain2.com can send max 200 emails for hour. If he sends more then 200 email that email user should be blocked .
*Exceeded LOCALRELAY limit* from aadmsces (101 in the last hour)
Aug 1 11:18:41 ly1 lfd : '/home/aadmsces/public_html/newsubsr' has been disabled
Is there a way to exclude certain domains from this , like all the domains should follow this limit except domain.com and domain1.com can go up to 1000 per hour or no limit.
I have csf running on a centos 6.5 box with webmin/virtualmin
server is running bind-9.8.2
when I run the server check test I get a warning that says:
You have a local DNS server running but do not appear to have any recursion restrictions set. This is a security and performance risk and you should look at restricting recursive lookups to the local IP addresses only
Hi, i have created a phpmail script that uses smtp auth, when the firewall is disabled the script works fine and the email arrives to the user, but when i enable the firewall the emails are blocked
This is what i found on the log file /var/log/messages
Jul 28 09:08:27 core kernel: Firewall: *TCP_OUT Blocked* IN= OUT=enp5s0 SRC=10.45.18.66 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50199...
I have tried multiple times this week to unblock various ip's. When I enter an IP in the Quick Unblock field I get not found in csf.deny
Taking the same IP and doing a Search brings up the listing in csf.deny. Trying to unblock from the search result page also fails with the not found in csf.deny error.
so then I have to go in and manually locate the IP and delete.
I am unable to run csf -u successfully as I keep getting an error:
Unable to download: Protocol scheme 'https' is not supported (IO::Socket::SSL not installed)
- The 'box' does not have an SSL certificate.
- I followed other suggestions:
- installing libwww-perl and LWP-Protocol-https. It was already installed and up to date.
- csf -a 85.10.199.177
In one of the servers that we manage, we don't want to run any mail server. When we setup CSF and start it, lfd is stopping soon after it has been started. We removed SENDMAIL path line from csf.conf and restarted csf. Still lfd wouldn't run.
------------------------------------ lfd.log entries --------------------------
Jul 25 00:00:02 localhost lfd : Unable to send SENDMAIL alert via []:...
Hi, I recently installed CSF as per instructions and set testing mode to 0 and also for safety sake added my IP address to allowed and ignore (for LFD).
As soon as I ran restart using cfr -R I got booted from SSH session and my WHM, CPANEL, sites, DNS, Mail and everything went down. I could not access the IP of the server for any services form any location.
Hello, anyone please can help me with this... Do i have been attacked? I have this log, and you can see from a lot of diferent IPS and they are try to connecto to several Ports.. What Can I do To STOP this?
Thanks.. Carlos Costa
THE LOG
Jan 6 09:33:45 server pure-ftpd: (?@186.167.34.150?) New connection from 186.167.34.150
Jan 6 09:34:45 server pure-ftpd: (?@186.167.34.150?) Logout.
Jan 6...
Hi,
when CSF run a cron for check for updates and find an update it send to me an email notification but is not sent to the email address I set in the config for receive notification but is sent to root address who generate Deliver Status Notification. How I can set a different email address to be alerted of the update process?
Thanks.
Maybe I have to set a valid email address in X_ARF_TO = ?...
I have question about Blocking all ICMP except these Dynamic DNS
file (csf.dyndns) - all listed domains will be resolved and allowed through the firewall
If I add Dynamic DNS in these & disallow ICMP to 0 value in configuration will the ICMP be allowed in these Dynamic DNS or not
If no , then how to make it only on ICMP to these Dynamic DNS ?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum