CSF dont stop

Post Reply
iserver
Junior Member
Posts: 22
Joined: 17 Sep 2009, 15:59
Location: Acequias (Spain)
Contact:

CSF dont stop

Post by iserver »

Hi.

On a machine with CSF (although on others the problem has appeared after writing this ticket)

It has been installed and running for years.
The settings are very restrictive. Only port of entry 53 is open, the rest are not.
Access is only allowed to my ips. One of them dynamic, added to csf.dyndns

Today I couldn't get in. So I logged into the server via KVM (it's a proxmox)

The first thing I tried, was `csf -x` and `iptables -L`

Disabled and no rules.

But my surprise is that the log that appears on the screen continues to show me firewall activity, and among the IPs that I see blocking are those of my connection (connection attempt via SSH to the machine)

Before I had tried ssh connecting to localhost and without problem.


I double check that the csf is disabled.

I do the same after enabling and stopping it with systemctl.


I am desperate because I cannot understand what is happening.


Restarting that proxmox is a pain, and something tells me that although the csf + lfd service is stopped (inactive it says) in memory it continues or I don't understand it.
iserver
Junior Member
Posts: 22
Joined: 17 Sep 2009, 15:59
Location: Acequias (Spain)
Contact:

Re: CSF dont stop

Post by iserver »

After to try stop, CSF Firewall, CSF Firewall service, remove CSF Firewall, clean iptables...

Shutdown machine with CSF uninstalled.

Server accesible.

Reinstall csf, Restore /etc/csf/, restart csf and now is accesible.

Is the first time since 1998 working with systems that I see an issue how this.
alexf
Junior Member
Posts: 22
Joined: 27 May 2023, 15:49

Re: CSF dont stop

Post by alexf »

Don't confuse what CSF and LFD are doing, with the firewall. CSF works hand in hand with "iptables". It is "iptables" that is the brick wall to either allow or deny IP traffic. You can stop CSF and the "iptables" rules are still in place and effect.

In your 2nd post you mentioned in your steps that you "clean iptables", that is what fixed your issue. The command to flush all iptables rules on CentOS is "iptables -F", use only in when in dire straights.

Likely your source IP had triggered a block rule and was blocked going forward. If you trust the source IP, it should have been added to your "csf.allow" table, as those entries will never be blocked.
ajbird
Junior Member
Posts: 11
Joined: 16 Jul 2011, 17:26

Re: CSF dont stop

Post by ajbird »

there has to be a way to fix this from ssh that does not require a reboot
ajbird
Junior Member
Posts: 11
Joined: 16 Jul 2011, 17:26

Re: CSF dont stop

Post by ajbird »

CSF Firewall, CSF Firewall service, remove CSF Firewall, clean iptables...


Tried that.. no difference. even after iptables -f the ips still show as blocked in syslog
alexf
Junior Member
Posts: 22
Joined: 27 May 2023, 15:49

Re: CSF dont stop

Post by alexf »

Please post the output of the command 'iptables -nvL'.
This will show ALL of what is in your iptables and or ipset sets.
If you are using 'ipset' then you will also see something like this in your output.

Code: Select all

 177K  150M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set chain_ALLOW src
Chain DENYIN (1 references)
 pkts bytes target     prot opt in     out     source               destination
 3720  221K LOGDROPIN  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set chain_DENY src
If you see 'match-set chain' in your iptables output, then these are references to an 'ipset' DB table.

Use the command to see ALL ipset sets (this can be a very long listing).

Code: Select all

ipset list

Or use 'ipset list setname' to display a given set. Example:

Code: Select all

ipset list chain_DENY
If you are still being blocked, then your issue IS NOT iptables or csf. Try looking at other software on your server such as cphulkd that creates its own blocking table (although it can be configured to also add entries to iptables).

Also, check that you may have the SSH port itself blocked to all traffic in iptables.
iparaskev
Junior Member
Posts: 1
Joined: 26 Aug 2024, 11:06

Re: CSF dont stop

Post by iparaskev »

I had the same problem. Finally after a lot of search, i found out that the problem was generated due to iptables-legacy (The presence of active iptables-legacy rules alongside iptables-nft which is used and update by csf). in my case i ran iptables-legacy -nvL and found out that it was affecting my system and was not updated from csf rules. Modifying rules there, resolved my problem. One solution is to disabled but you should do it with caution since it may affect system's connectivity.
Post Reply