
LFD daemon down

Posted: 27 Apr 2017, 12:38
by SuhasTikle
Hello,

We are regularly facing an issue of "LFD" daemon failure.

In WHM, it shows as running and enabled, but it fails to start.

The following is the error LFD generates:

>> Starting ConfigServer Firewall & Security - lfd...
>> Error: You have an unresolved error when starting csf. You need to restart csf successfully before starting lfd (see /etc/csf/csf.error)
>> PID file /var/run/lfd.pid not readable (yet?) after start.
>> Failed to start ConfigServer Firewall & Security - lfd.
>> Unit lfd.service entered failed state.
>> lfd.service failed.

We also checked the mentioned /etc/csf/csf.error file and found the following error:
Error: FASTSTART: (DROP no logging IPv4) [] [iptables-restore: line 20 failed]. Try restarting csf with FASTSTART disabled, at line 5080 in /usr/sbin/csf

Therefore, we found a solution on the CSF Forum to disable FASTSTART=0 and reload csf with the csf -r command.

But LFD ran for a day, then the same error occurred and LFD stopped.
Kindly give the solution.

Regards,
Suhas Tikle

Re: LFD daemon down

Posted: 27 Apr 2017, 14:03
by jez
I'm getting exactly the same error. lfd is dead as a dodo. It looks like some recent update has broken things. :-(

Re: LFD daemon down

Posted: 27 Apr 2017, 14:13
by jez
OK, I manually started LFD again with systemctl start lfd and it now works. I'd put this one down to "commandline csf -e and csf -r should really start lfd at the same time as csf". Not starting LFD is pretty unintuitive.

Re: LFD daemon down

Posted: 02 May 2017, 16:11
by augecs
Same problem here: LFD is down, and from time to time even the firewall is stopped. I go to IP Tables, test and restart, and the problem is solved temporarily, but after a day or two it is there again.
Any idea on how to solve this for good?
Thanks in advance.

Re: LFD daemon down

Posted: 18 May 2017, 20:39
by rispadmin
This is happening on 2 new servers - not on any of the old ones. FASTSTART is enabled on all. We set WAITLOCK to on & WAITLOCK_TIMEOUT is 300 on the affected servers after seeing lfd fail to start.

The failure to restart does NOT happen all the time. Logs are sprinkled with proper results:

Code:

May 18 04:30:25 cpdev lfd[750603]: iptables appears to have been flushed - running *csf startup*...
May 18 04:31:07 cpdev lfd[750603]: csf startup completed

But there's that once-a-day or so event. Log snippet:

Code:

May 18 11:35:52 cpdev lfd[750603]: iptables appears to have been flushed - running *csf startup*...
May 18 11:35:59 cpdev lfd[750603]: csf startup completed
May 18 11:35:59 cpdev lfd[924656]: *Error* csf reported an error (see /etc/csf/csf.error). *lfd stopped*, at line 7139
May 18 11:35:59 cpdev lfd[924656]: daemon stopped
May 18 11:36:04 cpdev lfd[750603]: *Error* pid mismatch or missing, at line 918
May 18 11:36:04 cpdev lfd[750603]: daemon stopped

/etc/csf/csf.error:

Code:

Error: FASTSTART: (Packet Filter IPv4) [] [iptables-restore: line 2 failed]. Try restarting csf with FASTSTART disabled, at line 5080 in /usr/sbin/csf

As others have noted, we use CC_DENY as well, and starting without FASTSTART takes hours, it seems, so that's not practical.
It appears that csf/lfd isn't confirmed as stopped prior to trying to restart.

We remove /etc/csf/csf.error and use csf -ra, and everything starts nicely.

Would setting WAITLOCK_TIMEOUT to a longer time be a solution? Again, we don't use that or WAITLOCK on any of the other couple of dozen or so servers we have, and never have the issue.

Re: LFD daemon down

Posted: 22 May 2017, 14:12
by ForumAdmin
There is currently an issue that can manifest on servers where the xtables lock has been implemented, which we are working to resolve.

In the meantime, those seeing the problem should disable LF_CSF and enable WAITLOCK and then restart CSF and then lfd.
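
An added example, not part of any post in this thread and not csf/lfd code: a shell check that reports lfd processes that logged *Error* and then "daemon stopped" (the pattern in the log snippet above) and tests whether the interim workaround (LF_CSF disabled, WAITLOCK enabled) is set in a csf.conf-style file. The function names are hypothetical, and it assumes csf.conf lines have the form KEY = "value" with "0" for off and "1" for on; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not csf/lfd code). Helper names are hypothetical.

# Print the value of KEY from a csf.conf-style file (lines of the form KEY = "value").
csf_setting() {  # csf_setting FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# Succeed only if the interim workaround is in place: LF_CSF off, WAITLOCK on.
# Assumption: "0" means disabled and "1" means enabled in csf.conf.
workaround_applied() {  # workaround_applied FILE
    [ "$(csf_setting "$1" LF_CSF)" = "0" ] && [ "$(csf_setting "$1" WAITLOCK)" = "1" ]
}

# Print "<date> pid=<pid> <error>" for each lfd process that logged *Error*
# and then "daemon stopped", i.e. the firewall monitor went down.
lfd_error_stops() {  # lfd_error_stops LOGFILE
    awk '
        / lfd\[[0-9]+\]: \*Error\* / {
            pid = $5; gsub(/[^0-9]/, "", pid)
            msg = $0; sub(/^.*\*Error\* /, "", msg); err[pid] = msg
        }
        / lfd\[[0-9]+\]: daemon stopped/ {
            pid = $5; gsub(/[^0-9]/, "", pid)
            if (pid in err) { print $1, $2, $3, "pid=" pid, err[pid]; delete err[pid] }
        }
    ' "$1"
}

# Constructed sample input: the log lines quoted in the thread, and a config
# fragment with constructed values showing the state before the workaround.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/lfd.log" <<'EOF'
May 18 11:35:52 cpdev lfd[750603]: iptables appears to have been flushed - running *csf startup*...
May 18 11:35:59 cpdev lfd[750603]: csf startup completed
May 18 11:35:59 cpdev lfd[924656]: *Error* csf reported an error (see /etc/csf/csf.error). *lfd stopped*, at line 7139
May 18 11:35:59 cpdev lfd[924656]: daemon stopped
May 18 11:36:04 cpdev lfd[750603]: *Error* pid mismatch or missing, at line 918
May 18 11:36:04 cpdev lfd[750603]: daemon stopped
EOF
printf '%s\n' 'FASTSTART = "1"' 'LF_CSF = "1"' 'WAITLOCK = "1"' 'WAITLOCK_TIMEOUT = "300"' \
    > "$SAMPLE_DIR/csf.conf"

lfd_error_stops "$SAMPLE_DIR/lfd.log"
workaround_applied "$SAMPLE_DIR/csf.conf" || echo "workaround not applied: LF_CSF must be 0 and WAITLOCK 1"
```

On a real server the same functions would be pointed at the lfd log and /etc/csf/csf.conf; a non-empty result from lfd_error_stops means login-failure blocking was not running from that timestamp until lfd was started again.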

Re: LFD daemon down

Posted: 22 May 2017, 18:06
by rispadmin
ForumAdmin wrote: 22 May 2017, 14:12
There is currently an issue that can manifest on servers where the xtables lock has been implemented, which we are working to resolve.

In the meantime, those seeing the problem should disable LF_CSF and enable WAITLOCK and then restart CSF and then lfd.

Thanks - we're giving that a try.

Also, the affected server deets, which may be useful:

Intel(R) Xeon(R) CPU X5570 @ 2.93GHz, 4 cores
Memory 4G
CloudLinux 7.3
Linux 3.10.0-427.36.1.lve1.4.47.el7.x86_64 on x86_64
cPanel v.64.0.22
ConfigServer Security & Firewall 10.08
ConfigServer eXploit Scanner - cxs v6.35

Re: LFD daemon down

Posted: 26 May 2017, 09:29
by ForumAdmin
v10.09 has been released that should help with this:
https://blog.configserver.com/