Server inaccessible after reboot

[CubicC]

Hi. I installed CSF and configured it to lock down my server. Everything seemed to be working fine (blocked ports were blocked, unblocked ports were unblocked, etc.). Testing mode is off. When I did a reboot, I was unable to access the server. After going in via the console, I could see that there was no network accessibility. No services could listen, ifconfig showed no IP addresses, I couldn't access any nameservices (all of this worked before the reboot).

I disabled csf (csf -x) and then did a "service network restart" and everything came back. I then re-enabled csf (csf -e) and all my security was back as well.

Any idea what to do here? I was thinking that I could delay the init script (e.g. S99csf instead of S15csf), but I want to make sure I'm not missing something obvious.

Thanks!

P.S. I'm not sure if it matters, but most of the tests were successful:

Code: Select all

# perl /etc/csf/csftest. (.pl - removed because the forum won't allow me to "post url links" - not sure if there's a bug in the forum?)
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...FAILED [Error: iptables: Unknown error 4294967295] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf will function on this server but some features will not work due to some missing iptables modules [1]

[sawbuck]

Wouldn't think the CONNLIMIT test failure would have an impact.

Curious if you indicated a specific NIC under the General Settings section using ETH_DEVICE=?

One thing I would consider doing is going back to a default install and see if you can replicate the issue before delaying the init script.

[CubicC]

ETH_DEVICE= is blank

[sawbuck]

So what about trying a default csf.conf?

[CubicC]

Is there a default csf.conf that's provided? Or would I need to un-install and re-install?

Trying to figure out the quickest path to resolution (and wondering if anyone else has experienced this issue previously).

Thanks, sawbuck!

[sawbuck]

There is a basic csf.conf included in the csf.tgz (http://www.configserver.com/cp/csf.html)

Would backup the existing one first.

Not sure this will be the quickest resolution but could rule out changes you made from the initial install.

As to what others may have experienced - you may have better luck posting on a higher visibility forum as this is peer supported.

[CubicC]

Great - thanks for all your help!