CSF firewall issue

EFW · March 4, 2013, 4:56pm

Hi folks,

I’ve install the latest version of VM on my VPS. Everything is working nice. Great CP! I’ve also installed CSF firewall, but when run a check, I get an error:
Testing iptables…

Testing ip_tables/iptable_filter…OK
Testing ipt_LOG…OK
Testing ipt_multiport/xt_multiport…OK
Testing ipt_REJECT…OK
Testing ipt_state/xt_state…OK
Testing ipt_limit/xt_limit…OK
Testing ipt_recent…OK
Testing xt_connlimit…FAILED [Error: iptables: Invalid argument. Run `dmesg’ for more information.] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner…OK
Testing iptable_nat/ipt_REDIRECT…OK
Testing iptable_nat/ipt_DNAT…OK

RESULT: csf will function on this server but some features will not work due to some missing iptables modules [1]

I spoke to my VPS provider about enabling the missing module. They say they have, and its an issues on my side of things. I’ve looked on google and found a few things, that it appears to be a bug with centos, which I am running.

I have found on google, that adding this rule might help. --> -A INPUT -p tcp -m tcp --dport 9999 -m connlimit --connlimit-above 100 --connlimit-mask 32 -j REJECT --reject-with tcp-reset

But each time I try to add it does not work.

Does anyone else know how to fix it?

Regard

Eric · March 4, 2013, 7:29pm

Howdy,

Well, I’m unfortunately not familiar with CSF, and it’s possible you may need to ask the CSF community regarding the problem you’re having… however, I do see a bug report regarding CSF on RHEL/CentOS here, with the error you’re getting:

http://bugs.centos.org/view.php?id=5749

They made a few suggestions in there, including making sure that it’s the newest CentOS and CSF version, as well as making sure that the “xt_connlimit” module is loaded. You can do that by running the command “modprobe xt_connlimit”.

-Eric

EFW · March 5, 2013, 4:07pm

Hi thanks for the reply, I’ve raised another ticket with my provide to double check on the missing module, they replied saying it was loaded.

So do you know what command I would need to issue to get it working?

Thanks

Eric · March 5, 2013, 4:18pm

Howdy,

Well, you’re not looking at an issue of running one command… it sounds like you need someone knowledgeable with CSF who can run a lot of commands and perform a variety of troubleshooting steps

Unfortunately, our expertise here is primary related to Virtualmin… and you seem to be having an issue with CSF.

While some folks here do use CSF, if you don’t hear from any of them, you may need to ask the CSF community for their assistance.

-Eric

tpnsolutions · March 5, 2013, 6:13pm

Hi,

Further to Eric’s post, I’d recommend posting CSF specific errors over at their forums where you’ll likely be welcomed by people who’ve “been there, done that” and can help solve your issue.

http://forum.configserver.com/


Best Regards,
Peter Knowles
TPN Solutions
E: pknowles@tpnsolutions.com

P: 604-782-9342

W: http://www.tpnsolutions.com