Search found 5 matches
- 11 Aug 2016, 15:17
- Forum: Suggestions (csf)
- Topic: Suggest changing chkconfig line to start CSF earlier
- Replies: 2
- Views: 4196
Re: Suggest changing chkconfig line to start CSF earlier
Sorry for the delayed response... The firewall should start *before* the network is up. That is why iptables starts at 08 and network at 10. I recommend 09 based on your response, however, 12 would be better than nothing (c[sf] would still start before s[ssd]). I guess it doesn't really matter becau...
- 11 Aug 2016, 15:08
- Forum: General Discussion (csf)
- Topic: csfpre rules is remove by csf or lfd
- Replies: 4
- Views: 5779
Re: csfpre rules is remove by csf or lfd
The solution to this issue (in case you happen upon this ancient post) is that your iptables commands in csfpre.sh must have the full path to iptables (i.e. /sbin/iptables). The "update" process that automatically restarts does not have /sbin in its path.
- 11 Aug 2016, 15:04
- Forum: Report Bugs (csf)
- Topic: LFD create a zombie defunct process
- Replies: 11
- Views: 14177
Re: LFD create a zombie defunct process
We also have an issue where several of our systems are getting defunct lfd processes. 1. Type of Virtual Server: VMWare 2. Kernel Version: 2.6.32-642.3.1.el6.x86_64 3. OS/Version: CentOS 6.8 4. Memory: 16GB 5. Process Name: [lfd] Details: # ps -ef | grep lfd root 6678 1 0 00:07 ? 00:00:17 lfd - slee...
- 11 Jan 2014, 01:50
- Forum: General Discussion (csf)
- Topic: csfpre rules is remove by csf or lfd
- Replies: 4
- Views: 5779
Re: csfpre rules is remove by csf or lfd
We have seen this problem several times as well. I have a sneaking suspicion that it has something to do with automatic updates.
- 23 Jul 2013, 11:24
- Forum: Suggestions (csf)
- Topic: Suggest changing chkconfig line to start CSF earlier
- Replies: 2
- Views: 4196
Suggest changing chkconfig line to start CSF earlier
Hi, We are having a bad interaction between CSF and SSSD. SSSD starts at 12 and CSF starts at 15. When CSF starts, it starts blocking packets for a period of time (sometimes several seconds) while it sorts out its policies (csf.allow). We do not have an extensive set of policies, but maybe 20 or so ...