ConfigServer Community Forum

Thanks for the info guys. I wasn't aware that you had to explicitly add the device to ETH_DEVICE... I always had it blank and just added my internal eth1 device to ETH_DEVICE_SKIP. This was always working in the past. I just had this issue after updating csf .. something must have changed.

With bogons enabled (LF_BOGON) it blocks interfaces even if they are in the interface "skip" list (using ETH_DEVICE_SKIP). So with it enabled it blocks connecting to internal IP's on eth1 even if eth1 shouldn't have rules applied to it.

Using csf version 4.36 on centos 5

Yes its very odd. I installed csf to a separate vm and don't have the problem at all. I'll open a ticket and you can login to one of the servers.

Sorry this isn't the case. This is happening on our new Centos 5.2 installs .. I've verified that TESTING = "0" .. and there are no crons installed. This is happening on multiple machines. I'm a longtime csf user and never experienced this problem before. Here is the csf.conf: http://paste...

On any newer servers I get this message when trying to start csf:

Starting csf:iptables: Index of insertion too big

Running Centos 5.2
uname -a
Linux 2.6.18-92.1.13.el5 #1 SMP 8 i686 i686 i386 GNU/Linux

iptables-1.3.5-4.el5

Even if I add an IP to csf.ignore it still temp bans it (connection tracking)? Am I missing something here? Is this a bug?

The connection tracking still temporary bans IP's listed in the csf.allow file. (using v2.89)

Update: Sorry my bad .. I guess there is a separate ignore file for LFD checks (csf.ignore). This should be added to the readme.txt Thanks guys !