LFD daemon down

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
8 posts Page 1 of 1
SuhasTikle
Junior Member
Posts: 1
Joined: 27 Apr 2017, 07:07


Hello,

We are facing issue of "LFD" daemon failure regularly.

In WHM, it shows running and enabled, but failed to start.

Following is the error LFD generate:

>> Starting ConfigServer Firewall & Security - lfd...​​
>> Error: You have an unresolved error when starting csf. You need to restart csf successfully before starting lfd (see /etc/csf/csf.error)​​
>> PID file /var/run/lfd.pid not readable (yet?) after start.​​
>> Failed to start ConfigServer Firewall & Security - lfd.​​
>> Unit lfd.service entered failed state.​​
>> lfd.service failed.​​


We also check mentioned /etc/csf/csf.error file and found error as follows::​
Error: FASTSTART: (DROP no logging IPv4) [] [iptables-restore: line 20 failed]. Try restarting csf with FASTSTART disabled, at line 5080 in /usr/sbin/csf​

Therefore, we found solution on CSF Forum to disable FASTSTART=0 and reload csf by csf -r command​.


But LFD run for a day and same error occurred and LFD get stop.​
Kindly give the solution.

Regards,​
Suhas Tikle
jez
Junior Member
Posts: 10
Joined: 28 Sep 2012, 21:31


I'm getting exactly the same error. lfd is dead as a dodo. It looks like some recent update has broken things. :-(
jez
Junior Member
Posts: 10
Joined: 28 Sep 2012, 21:31


OK, I manually started LFD again with systemctl start lfd and it now works. I'd put this one down to "commandline csf -e and csf -r should really start lfd at the same time as csf". Not starting LFD is pretty unintuitive.
augecs
Junior Member
Posts: 3
Joined: 28 May 2011, 16:36


Same problem here, LFD is down, and form time to time even the firewall is stopped, I go to IP Tables, test and restart and the problem is solved temporarily but after a day or two it will be there again.
Some idea on how to solve for good?
Thanks in advance.
rispadmin
Junior Member
Posts: 13
Joined: 07 Oct 2015, 17:48


This is happening on 2 new servers - not on any of the old ones. FASTSTART is enabled on all. We set WAITLOCK to on & WAITLOCK_TIMEOUT is 300 on the affected servers after seeing lfd fail to start.

The failure to restart does NOT happen all the time. Logs are sprinkled with proper results:
Code: Select all
May 18 04:30:25 cpdev lfd[750603]: iptables appears to have been flushed - running *csf startup*...
May 18 04:31:07 cpdev lfd[750603]: csf startup completed
But there's that once-a-day or so event. Log snippet:
Code: Select all
May 18 11:35:52 cpdev lfd[750603]: iptables appears to have been flushed - running *csf startup*...
May 18 11:35:59 cpdev lfd[750603]: csf startup completed
May 18 11:35:59 cpdev lfd[924656]: *Error* csf reported an error (see /etc/csf/csf.error). *lfd stopped*, at line 7139
May 18 11:35:59 cpdev lfd[924656]: daemon stopped
May 18 11:36:04 cpdev lfd[750603]: *Error* pid mismatch or missing, at line 918
May 18 11:36:04 cpdev lfd[750603]: daemon stopped
/etc/csf/csf.error:
Code: Select all
Error: FASTSTART: (Packet Filter IPv4) [] [iptables-restore: line 2 failed]. Try restarting csf with FASTSTART disabled, at line 5080 in /usr/sbin/csf
As others have noted, we use CC_DENY as well, and starting without FASTSTART takes hours, it seems, so that's not practical.
It appears that csf/lfd isn't confirmed as stopped prior to trying to restart.

We remove /etc/csf/csf.error and use csf -ra, and everything starts nicely.

Would settting WAITLOCK_TIMEOUT to a longer time be a solution? Again, we don't use that or WAITLOCK on any of the other couple of dozen or so servers we have, and never have the issue.
ForumAdmin
Moderator
Posts: 1432
Joined: 01 Oct 2008, 09:24


There is currently an issue that can manifest on servers where the xtables lock has been implemented which we are working on to resolve.

In the meantime, those seeing the problem should disable LF_CSF and enable WAITLOCK and then restart CSF and then lfd.
rispadmin
Junior Member
Posts: 13
Joined: 07 Oct 2015, 17:48


22 May 2017, 14:12ForumAdmin wrote:
There is currently an issue that can manifest on servers where the xtables lock has been implemented which we are working on to resolve.

In the meantime, those seeing the problem should disable LF_CSF and enable WAITLOCK and then restart CSF and then lfd.
Thanks - we're giving that a try.

Also, the affected server deets, which may be useful:

Intel(R) Xeon(R) CPU X5570 @ 2.93GHz, 4 cores
Memory 4G
CloudLinux 7.3
Linux 3.10.0-427.36.1.lve1.4.47.el7.x86_64 on x86_64
cPanel v.64.0.22
ConfigServer Security & Firewall 10.08
ConfigServer eXploit Scanner - cxs v6.35
ForumAdmin
Moderator
Posts: 1432
Joined: 01 Oct 2008, 09:24


v10.09 has been released that should help with this:
https://blog.configserver.com/
8 posts Page 1 of 1