Server Fault
Server Fault

Questions tagged [csf]

ConfigServer Security & Firewall

A Packet Inspection (SPI) firewall and Login/Intrusion Detection application for Linux servers. Combines firewall with log monitoring tools for general Linux security protection. Web interface works from cpanel or webmin.

http://configserver.com/cp/csf.html

126 questions
7
votes
1 answer

PPTP VPN iptables firewall issues csf

I am having a problem with iptables and a PPTP VPN, I have read related topics both on hear and online but still can't get it to work! I am trying to set up PPTP on an ubuntu server on our local network, to force clients to have to log in through…
Pez Cuckow
  • 525
  • 3
  • 8
  • 22
6
votes
1 answer

DHCP request error. Send_packet not permitted, How to debug, What does it mean

I recently installed CSF firewall and have made live a new server which is accepting around 600req/second. Its basically a reverse proxy and I found in pingdom and munin that for a particular time, the response times of the server increased by 3…
Sparsh Gupta
  • 1,177
6
votes
1 answer

Running docker containers only local behind csf firewall

I want to access docker containers only locally behind the csf firewall on a remote Ubuntu server. I changed the DOCKER settings options in /etc/csf/csf.conf to 1 to allow docker to change iptable rules. If I am starting my container with -p…
mhellmeier
  • 161
5
votes
1 answer

IP addresses denied in /etc/hosts.allow appear in /etc/csf/csf.deny?

I modify my /etc/hosts.allow file as sshd : 192.168.0.0/255.255.255.0 : allow sshd : xxx.xxx.xxx.* : allow sshd : ALL : deny (where the xxx represent my actual IP address numbers and the wildcard * represents the full range 0-255) then restart sshd…
user46688
  • 186
4
votes
2 answers

csf Integrated User Interface not working

I've installed CSF on ubuntu 14.04 using their official install guide. After disabling UFW with the following command: sudo ufw disable then I have modified csf.conf with the following values: (comments removed to make question…
Bor691
  • 243
4
votes
1 answer

How to white-list specific PHP script process in CSF?

I repeatedly receive a "Suspicious Process" notice from lfd. I'm 100% positive that the PHP script triggering this warning is safe. I wrote it myself and it makes some cross server calls that must look suspicious to csf. Now I know how to whitelist…
Luke Franklin
  • 151
4
votes
1 answer

csf dovecot and IP blocking

I'm using csf and noticed a lot of brute force password attempts into a particular pop3 account. csf does not appear to be blocking the IP addresses as it does with other processes. Is there a switch or config option that someone can point me to…
jim
  • 41
3
votes
1 answer

How to block all IPs in CSF except few static IPs?

The title is telling I guess. I'm wondering how to block ALL IPs in csf.deny except few trusted IPs? I've googled but could not find the answer.
Jand
  • 213
3
votes
1 answer

CSF blocks my IP trying to access Webmin

I'm in no way a sysadmin, so bear with me a little. I have a cloud server running Centos 5. I have Virtualmin/Webmin with a handful of sites running without issue. I also have CSF installed to stop persistent bot attacks. I can access all my sites…
Dan J
  • 135
3
votes
2 answers

How to make permanent changes to iptables of CentOS 5.5

I want to make an iptable rule permanent so if the server is rebooted I won't have to add the rule again. Specifically a rule I have related to nginx being reverse proxy of apache. iptables -t nat -A PREROUTING -p tcp -s ! 266.266.266.266 --dport 80…
diav
  • 33
3
votes
3 answers

How does iptables execute rules?

I've been having some trouble with a firewall blocking traffic between two servers recently and want to check how iptables handles multiple rules applying to the same IP. If I run iptables -L -n | grep 1.2.3.4 I see this output: ACCEPT all -- …
Dave Child
  • 307
2
votes
1 answer

Block direct port 80 access on default IP using iptables?

I am using nginx with cloudflare in front of my sites to protect them from layer 7 attacks but now some attackers found this new way and they are daily attacking my default IP directly with layer 7 attack instead of attacking the sites. I am…
Surfer
  • 21
2
votes
1 answer

Is it possible to open a CSF-LFD closed port without attaching an IP to it?

CSF-LFD blocks nearly all open ports. It also blocks port 10000 which I need. I can open the port via a similar code: cat << EOF >> /etc/csf/csf.conf tcp|in|d=10000|s=aa.bb.cc.dd EOF service csf restart For newcomers who read this, note I picked…
user329119
2
votes
2 answers

CSF/LFD - Suspicious processes when running nginx+php5-fpm+ Mysql

I am running LFD/CSF on three servers and on all servers I have the same problem since the first day when I set-up the server and installed LFD/CSF. I have nginx + php5-fpm + MySQL installed and lfd.log file is full of warnings: Jan 3 00:21:57…
user1821484
  • 1,249
2
votes
1 answer

MySQL port 3306 blocked in csf yet can still telnet to port 3306 from external host

We have a Centos 6 VPS that was recently migrated to a new machine within the same web hosting company. It's running WHM/cPanel and has csf/lfd installed. csf is set up with mostly vanilla config. I'm no iptables expert, csf has not let me down…
Neek
  • 133
1
2 3
8 9