Search found 9 matches

by n8v8r
01 Jun 2018, 10:20
Forum: Suggestions (csf)
Topic: dns over tcp - invalid packets tcp_in port 853
Replies: 2
Views: 1344

It appears that CSF is erroneously flagging almost any traffic (in/out) over port 853 as invalid when "Drop out of order packets and packets in an INVALID state in iptables connection tracking" is enabled and PS_PORTS = 0:65535,ICMP,INVALID,OPEN,BRD is set. Not clear whether the root cause is iptables...
by n8v8r
24 May 2018, 23:50
Forum: Suggestions (csf)
Topic: prevent flushing of iptables from lxc.service when csf restarts
Replies: 0
Views: 904

lxc.service (lxc containers) comes with its own set of iptables which are loaded when lxc.service starts. Since csf is flushing iptables entirely when restarted, the lxc container(s) are losing connectivity. lxc.service does not provide for a reload but only a restart, which in turn is killing any activ...
by n8v8r
23 May 2018, 07:31
Forum: General Discussion (csf)
Topic: ubuntu-bionic log file location /var/log/messages
Replies: 0
Views: 399

Linux server 4.15.0-22-generic #24-Ubuntu SMP Wed May 16 12:15:17 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux CSF 12.03 It has been driving me bonkers until realizing that the log file locations /var/log/messages set as default by CSF are not applicable for ubuntu(-bionic) and instead are reading /var/log/...
by n8v8r
17 May 2018, 10:38
Forum: General Discussion (csf)
Topic: ETH_DEVICE_SKIP = "tun+" not working
Replies: 0
Views: 404

Is it a misunderstanding to expect device + to be working with ETH_DEVICE_SKIP when for ETH_DEVICE it is stated applied to a specific NIC, then list it here (e.g. eth1, or eth + ) Having ETH_DEVICE_SKIP = "tun+" CSF is reporting *WARNING* ETH_DEVICE_SKIP device [tun+] not listed in ip/ifconfig despit...
by n8v8r
11 May 2018, 14:23
Forum: General Discussion (csf)
Topic: ETH_DEVICE not working
Replies: 0
Views: 415

Linux server 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1 (2018-04-29) x86_64 GNU/Linux CSF 12.03 OpenVPN 2.4.4 x86_64-pc-linux-gnu public iface eth0 private vpn iface tun1 My understanding of If you only want iptables rules applied to a specific NIC would be that with setting ETH_DEVICE = "eth0" that csf w...
by n8v8r
22 Apr 2018, 01:43
Forum: Suggestions (csf)
Topic: Outgoing TCP Flood Protection
Replies: 0
Views: 473

Whilst Outgoing UDP Flood Protection is available, there is none for TCP, however.
by n8v8r
21 Apr 2018, 22:26
Forum: Suggestions (csf)
Topic: port for openWRT (ARM soc)
Replies: 0
Views: 427

fw3 (firewall), as deployed in openWRT, is rather bare bones compared to CSF and yet with the increasing sophistication of attacks on residential ip/routers it would be helpful to have a more sophisticated firewall like CSF ported for openWRT routers.
by n8v8r
21 Apr 2018, 22:16
Forum: Suggestions (csf)
Topic: nftables
Replies: 0
Views: 407

Considering that nftables has been around a while and has since matured, would it not be good to transition CSF accordingly? Supposedly it should make life around netfilter easier.

https://wiki.nftables.org/wiki-nftables ... ftables%3F
by n8v8r
21 Apr 2018, 22:06
Forum: Suggestions (csf)
Topic: dns over tcp - invalid packets tcp_in port 853
Replies: 2
Views: 1344

Debian 9.4 server kernel 4.9.0-6-amd64 iptables ipv4 v1.6.0 unbound 1.6.0 csf 12.02 (DNS strict off / Packet Filter on) unbound, being the local resolver, is issuing DNS over TLS requests to the upstream resolver over TCP with destination port 853. The response from the upstream resolver is getting b...