Error to start CSF

amdy · 04-14-2010, 02:53 PM

Hi,

I get this error when I checked the status:

Quote:

root@vps3173 [~]# service csf status
Status of csf:You have an unresolved error when starting csf. You need to restart csf successfully to remove this warning

I tried to start it and it appeared this error:

Quote:

root@vps3173 [~]# csf -s
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Restarting bandmin acctboth chains for cPanel
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:67
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:67
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:68
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:68
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:111
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:111
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:113
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:113
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpts:135:139
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpts:135:139
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:445
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:445
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:513
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:513
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:520
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:520
iptables: Unknown error 18446744073709551615
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '

Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '] failed, at line 387

Please let me know, how can I disable the firewall and run the csf.

paulsm4 · 04-16-2010, 01:01 AM

Hi -

Unfortunately, this sounds like a reasonable answer:

Quote:

http://www.experts-exchange.com/Secu..._24162050.html

iptables is the best firewall available around, keep using that

That issue should get fixed recompiling the kernel with CONFIG_IP_NF_TARGET_NETMAP=y option in your .config file and it has to do with bad arguments fed to iptables. Can you show us the commands you issued to it?

In other words:
* CSF is a wrapper to iptables (it's whole purpose in life is just to make iptables easier to use)

* Unfortunately, it doesn't look like you'll be able to use it with your default kernel. You'll literally have do build a new kernel (with the CONFIG_IP_NF_TARGET_NETMAP option configured to "y") in order to use it.

* Building a new kernel isn't necessarily that hard...
... but it might be easier to just give up on CSF and use iptables directly.

'Hope that helps .. PSM

cola · 04-16-2010, 03:07 AM

Quote:

Originally Posted by amdy

Hi,

I get this error when I checked the status:

I tried to start it and it appeared this error:

Please let me know, how can I disable the firewall and run the csf.

Which system are you on now?