Latest Upgrade error?

Posted: 18 Feb 2013, 19:03
by Gavo
I started getting emails today after a csf upgrade with lfd crashing (cpanel). When I restart iptables I get an error & csf won't restart.

I removed & re-installed csf & iptables, but the error is still there.

csf v5.77

Restarting csf...

Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `RH-Firewall-1-INPUT'
Deleting chain `RH-Firewall-1-INPUT'
DROP  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:67 
DROP  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  udp dpt:67 
DROP  tcp opt    in * out *  ::/0  -> ::/0  tcp dpt:67 
DROP  udp opt    in * out *  ::/0  -> ::/0  udp dpt:67 
DROP  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:68 
DROP  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  udp dpt:68 
DROP  tcp opt    in * out *  ::/0  -> ::/0  tcp dpt:68 
DROP  udp opt    in * out *  ::/0  -> ::/0  udp dpt:68 
DROP  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:111 
DROP  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  udp dpt:111 
DROP  tcp opt    in * out *  ::/0  -> ::/0  tcp dpt:111 
DROP  udp opt    in * out *  ::/0  -> ::/0  udp dpt:111 
DROP  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:113 
DROP  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  udp dpt:113 
DROP  tcp opt    in * out *  ::/0  -> ::/0  tcp dpt:113 
DROP  udp opt    in * out *  ::/0  -> ::/0  udp dpt:113 
DROP  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpts:135:139 
DROP  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  udp dpts:135:139 
DROP  tcp opt    in * out *  ::/0  -> ::/0  tcp dpts:135:139 
DROP  udp opt    in * out *  ::/0  -> ::/0  udp dpts:135:139 
DROP  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:445 
DROP  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  udp dpt:445 
DROP  tcp opt    in * out *  ::/0  -> ::/0  tcp dpt:445 
DROP  udp opt    in * out *  ::/0  -> ::/0  udp dpt:445 
DROP  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:500 
DROP  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  udp dpt:500 
DROP  tcp opt    in * out *  ::/0  -> ::/0  tcp dpt:500 
DROP  udp opt    in * out *  ::/0  -> ::/0  udp dpt:500 
DROP  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:513 
DROP  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  udp dpt:513 
DROP  tcp opt    in * out *  ::/0  -> ::/0  tcp dpt:513 
DROP  udp opt    in * out *  ::/0  -> ::/0  udp dpt:513 
DROP  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:520 
DROP  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  udp dpt:520 
DROP  tcp opt    in * out *  ::/0  -> ::/0  tcp dpt:520 
DROP  udp opt    in * out *  ::/0  -> ::/0  udp dpt:520 
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* ' 
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_OUT Blocked* ' 
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* ' 
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_OUT Blocked* ' 
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* ' 
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_OUT Blocked* ' 
LOG  tcp opt    in * out *  ::/0  -> ::/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP6IN Blocked* ' 
LOG  tcp opt    in * out *  ::/0  -> ::/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP6OUT Blocked* ' 
LOG  udp opt    in * out *  ::/0  -> ::/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP6IN Blocked* ' 
LOG  udp opt    in * out *  ::/0  -> ::/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP6OUT Blocked* ' 
LOG  icmpv6 opt    in * out *  ::/0  -> ::/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP6IN Blocked* ' 
LOG  icmpv6 opt    in * out *  ::/0  -> ::/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP6OUT Blocked* ' 
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  
DROP  all opt    in * out *  ::/0  -> ::/0  
DROP  all opt    in * out *  ::/0  -> ::/0  
DENYOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
DENYIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ALLOWOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
ALLOWIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
DENYOUT  all opt    in * out !lo  ::/0  -> ::/0  
DENYIN  all opt    in !lo out *  ::/0  -> ::/0  
ALLOWOUT  all opt    in * out !lo  ::/0  -> ::/0  
ALLOWIN  all opt    in !lo out *  ::/0  -> ::/0  
iptables: Unknown error 4294967295
INVDROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  ctstate INVALID 
Error: Error processing command for line [1116] (10 times): [iptables: Unknown error 4294967295], at line 1116



...Done.

Restarting lfd...

Stopping lfd:[FAILED]
[  OK  ]
Starting lfd:
Error: You have an unresolved error when starting csf. You need to restart csf successfully before starting lfd
[  OK  ]

[root@server csf]# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: raw nat mangle filter     [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
[root@server csf]#

I manually added rules to open 80, as no sites would open, but it's been reset now, so I need to keep iptables stopped.

How can I fix it please :D

Re: Latest Upgrade error?

Posted: 18 Feb 2013, 20:20
by ForumAdmin
See this thread:
viewtopic.php?f=6&t=6260