csfpost.sh not executed after updates

Post Reply
SharkWipf
Junior Member
Posts: 1
Joined: 24 Nov 2017, 15:37

csfpost.sh not executed after updates

Post by SharkWipf »

This has been a bug for a long time so I figured I'd make an account and report it.

Whenever CSF (re)starts it's supposed to execute /etc/csf/csfpost.sh.
However, it does not execute this file after auto-updating.

CSF Version: Every version over the past ~year at least, currently running "csf: v11.05 (DirectAdmin)"
Running on CentOS 7 with DirectAdmin.
Csftest shows no problems.

On a related note, is there a better way to deal with Docker on CSF? Currently using this script that I nicked online somewhere, but it's more of a hack than a real solution:

Code: Select all

#!/bin/sh

echo "[DOCKER] Setting up FW rules."

iptables -N DOCKER

# Masquerade outbound connections from containers
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE

# Accept established connections to the docker containers
iptables -t filter -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Allow docker containers to communicate with themselves & outside world
iptables -t filter -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
iptables -t filter -A FORWARD -i docker0 -o docker0 -j ACCEPT

echo "[DOCKER] Done."
marcele
Junior Member
Posts: 214
Joined: 17 Sep 2007, 17:02

Re: csfpost.sh not executed after updates

Post by marcele »

If I remember correctly there was a docker thread where chirpy talked about adding built in docker support. I know I'm seeing it installed on more and more hosts.

viewtopic.php?f=6&t=10284&p=28682&hilit=docker#p28251

I think he's just looking for a working iptables implementation than can detect if docker is installed and apply them automatically.

If /etc/csf/csfpost.sh isn't being run after updates then that should likely be fixed too as thats going to cause a lot of problems.
DEXO
Junior Member
Posts: 3
Joined: 06 Dec 2017, 07:12

Re: csfpost.sh not executed after updates

Post by DEXO »

Use full path eg

/sbin/iptables............

Worked for me.
Post Reply