I'm trying to use CSF on a Digital Ocean (DO) VPS and I'd like to try managing it through WebMin. The VPS came with Uncomplicated Firewall (UFW) pre-installed.
The VPS just serves one website. I like using the DO firewall for blocking ports and allow-listing my home IP, and continue to use it for that.
The only reason I want to use CSF is to block inbound connections from the three countries that make up 90% of the suspicious traffic hitting my site, slowing it down to almost unusable slowness.
I think the error messages are indicating that CFS cannot find the path to IPTABLES, and neither can I.
VPS info
- OS: Ubuntu 20.04.6 LTS x86_64
Host: Droplet 20171212
Kernel: 5.4.0-216-generic
Uptime: 3 days, 2 hours, 18 mins
Packages: 1048 (dpkg), 4 (snap)
Shell: bash 5.0.17
Resolution: 1024x768
CPU: DO-Regular (1) @ 2.294GHz
GPU: 00:02.0 Red Hat, Inc. Virtio GPU
Memory: 342MiB / 965MiB
Here's what I did:
Stopped Uncomplicated Firewall (UFW)
downloaded and ran the CSF install script
added my IP to csf.allow and csf.ignore
tested peal modules with perl /usr/local/csf/bin/csftest.pl and got the following error:
Code: Select all
Testing ip_tables/iptable_filter...open3: exec of /sbin/iptables -I OUTPUT -p tcp --dport 9999 -j ACCEPT failed: No such file or directory at /usr/local/csf/bin/csftest.pl line 144Doing systemctl status csf.service gives me this output:
Code: Select all
● csf.service - ConfigServer Firewall & Security - csf
Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2025-06-02 11:23:12 EDT; 7min ago
Process: 666549 ExecStart=/usr/sbin/csf --initup (code=exited, status=2)
Main PID: 666549 (code=exited, status=2)
Jun 02 11:23:12 Cloud02 systemd[1]: Starting ConfigServer Firewall & Security - csf...
Jun 02 11:23:12 Cloud02 csf[666549]: *Error* The path to iptables is either not set or incorrect for IPTABLES [/sbin/iptables] in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/URLGet.pm line 26.
Jun 02 11:23:12 Cloud02 csf[666549]: Compilation failed in require at /usr/sbin/csf line 21.
Jun 02 11:23:12 Cloud02 csf[666549]: BEGIN failed--compilation aborted at /usr/sbin/csf line 21.
Jun 02 11:23:12 Cloud02 systemd[1]: csf.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 02 11:23:12 Cloud02 systemd[1]: csf.service: Failed with result 'exit-code'.
Jun 02 11:23:12 Cloud02 systemd[1]: Failed to start ConfigServer Firewall & Security - csf.
And doing journalctl -xe gives this output:
Code: Select all
Jun 02 11:23:12 Cloud02 systemd[1]: Starting ConfigServer Firewall & Security - csf...
-- Subject: A start job for unit csf.service has begun execution
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- A start job for unit csf.service has begun execution.
--
-- The job identifier is 32949.
Jun 02 11:23:12 Cloud02 csf[666549]: *Error* The path to iptables is either not set or incorrect for IPTABLES [/sbin/iptables] in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/URLGet.pm line 26.
Jun 02 11:23:12 Cloud02 csf[666549]: Compilation failed in require at /usr/sbin/csf line 21.
Jun 02 11:23:12 Cloud02 csf[666549]: BEGIN failed--compilation aborted at /usr/sbin/csf line 21.
Jun 02 11:23:12 Cloud02 systemd[1]: csf.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- An ExecStart= process belonging to unit csf.service has exited.
--
-- The process' exit code is 'exited' and its exit status is 2.
Jun 02 11:23:12 Cloud02 systemd[1]: csf.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- The unit csf.service has entered the 'failed' state with result 'exit-code'.
Jun 02 11:23:12 Cloud02 systemd[1]: Failed to start ConfigServer Firewall & Security - csf.
-- Subject: A start job for unit csf.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- A start job for unit csf.service has finished with a failure.
--
-- The job identifier is 32949 and the job result is failed.
Jun 02 11:26:18 Cloud02 CRON[665534]: pam_unix(cron:session): session closed for user root
P.S. (I will probably also use lfd at some point, but for the time being, that's being handled by Cerber on the web ports, and the rest of the ports are not accessible from the Internet)