We just ran updates on servers and now on multiple servers I have seen this issue. Customers are having issues connecting to ports that are only available with whitelisting. When I check IPs I see this:
csf -g XXX.XXX.XXX.XXX
Table Chain num pkts bytes target prot opt in out source destination
No matches found for XXX.XXX.XXX.XXX in iptables
ip6tables:
Table Chain num pkts bytes target prot opt in out source destination
No matches found for XXX.XXX.XXX.XXX in ip6tables
csf.allow: XXX.XXX.XXX.XXX # Manually allowed: XXX.XXX.XXX.XXX (US/United States/c-XXX.XXX.XXX.XXX.hsd1.fl.comcast.net) - Tue Sep 3 15:44:41 2019
I removed the IP as it's a customer IP address. I restart csf and then run the same command and get this:
csf -g XXX.XXX.XXX.XXX
Table Chain num pkts bytes target prot opt in out source destination
filter ALLOWIN 157 0 0 ACCEPT all -- !lo * XXX.XXX.XXX.XXX 0.0.0.0/0
filter ALLOWOUT 79 0 0 ACCEPT all -- * !lo 0.0.0.0/0 XXX.XXX.XXX.XXX
ip6tables:
Table Chain num pkts bytes target prot opt in out source destination
No matches found for XXX.XXX.XXX.XXX in ip6tables
csf.allow: XXX.XXX.XXX.XXX # Manually allowed: XXX.XXX.XXX.XXX (US/United States/c-XXX.XXX.XXX.XXX.hsd1.fl.comcast.net) - Tue Sep 3 15:44:41 2019
As you can see, before the restart the IP was in the csf.allow list but had no ALLOWIN chain filter. You can also see the IPs have been whitelisted for a long time without issues. This just started after running updates for the servers. Anyone else have these issues or ideas of why it may be happening? After restarting the csf firewall everything works again.
Best regards,
Ben
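A check for the drift the post describes (csf.allow entries present but no matching ACCEPT rule in the ALLOWIN chain), as an added example that is not part of the original post or of csf itself. The function names, the sample csf.allow and the sample `iptables -S ALLOWIN` output are constructed for this example; the check only parses plain IPv4 entries, not csf's advanced per-port syntax.

```shell
# Added example, not from the original post. It compares the IPv4 addresses
# listed in csf.allow with the ACCEPT rules actually loaded in the iptables
# ALLOWIN chain and reports any whitelisted address with no rule, the drift
# the post describes. Inputs are passed as text so the check can run on
# captured output; on a live host feed it `cat /etc/csf/csf.allow` and
# `iptables -S ALLOWIN`.

# Plain IPv4 entries from csf.allow (comments stripped). Entries in csf's
# advanced syntax (tcp|in|d=22|s=...) are ignored here by assumption.
csf_allow_ips() {
    printf '%s\n' "$1" |
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' |
    awk 'NF && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }' |
    sort -u
}

# Source addresses with an ACCEPT rule in ALLOWIN, parsed from
# `iptables -S ALLOWIN` lines like "-A ALLOWIN ! -i lo -s A.B.C.D/32 -j ACCEPT".
allowin_ips() {
    printf '%s\n' "$1" |
    awk '/^-A ALLOWIN / && /-j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "-s") { sub(/\/32$/, "", $(i + 1)); print $(i + 1) }
         }' |
    sort -u
}

# Print each csf.allow address missing from ALLOWIN; return 1 if any is missing.
missing_allow_rules() {
    loaded=$(allowin_ips "$2")
    missing=""
    for ip in $(csf_allow_ips "$1"); do
        printf '%s\n' "$loaded" | grep -qxF "$ip" || missing="$missing $ip"
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' $missing   # one address per line
    return 1
}

# Constructed sample input: two manual whitelist entries, only one loaded.
SAMPLE_CSF_ALLOW='# csf.allow (constructed sample)
203.0.113.10 # Manually allowed: 203.0.113.10 - Tue Sep 3 15:44:41 2019
203.0.113.20 # Manually allowed: 203.0.113.20 - Tue Sep 3 15:50:00 2019
tcp|in|d=22|s=198.51.100.5 # advanced entry, ignored by this check'
SAMPLE_ALLOWIN='-N ALLOWIN
-A ALLOWIN ! -i lo -s 203.0.113.20/32 -j ACCEPT'

missing_allow_rules "$SAMPLE_CSF_ALLOW" "$SAMPLE_ALLOWIN" ||
    echo "csf.allow entries missing from ALLOWIN; consider 'csf -r'"   # prints 203.0.113.10
```

Run it from cron after updates or reboots and alert on a non-zero exit, so the gap shows up before customers report blocked connections.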