Upgrade from 9.06 to 9.07

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
7 posts Page 1 of 1
jhave
Junior Member
Posts: 3
Joined: 05 Jul 2016, 12:59


Hi,

Its look like there come some problems when my installation upgrade to 9.07

cPanel Monitoring
Jul 05 13:57:29 web1.myserver.com systemd[1]: Starting ConfigServer Firewall & Security - lfd...
Jul 05 13:57:30 web1.myserver.com lfd[829351]: Error: You have an unresolved error when starting csf. You need to restart csf successfully before starting lfd (see /etc/csf/csf.error)
Jul 05 13:57:30 web1.myserver.com systemd[1]: PID file /var/run/lfd.pid not readable (yet?) after start.
Jul 05 13:57:30 web1.myserver.com systemd[1]: Failed to start ConfigServer Firewall & Security - lfd.
Jul 05 13:57:30 web1.myserver.com systemd[1]: Unit lfd.service entered failed state.
Jul 05 13:57:30 web1.myserver.com systemd[1]: lfd.service failed.

I i try to restart CSF i got this error
ALLOWOUT all opt in * out !lo ::/0 -> ::/0
ALLOWIN all opt in !lo out * ::/0 -> ::/0
csf: FASTSTART loading Packet Filter (IPv4)
csf: FASTSTART loading Packet Filter (IPv6)
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
INVALID tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
INVALID tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
DROP all opt in * out * ::/0 -> ::/0
INVALID tcp opt in !lo out * ::/0 -> ::/0
INVALID tcp opt in * out !lo ::/0 -> ::/0
csf: FASTSTART loading csf.deny (IPv4)
csf: FASTSTART loading csf.deny (IPv4 nat)
csf: FASTSTART loading csf.deny (IPv6)
Error: FASTSTART: (csf.deny IPv6) [] [ip6tables-restore v1.4.21: The -t option (seen in line 4) cannot be used in ip6tables-restore.]. Try restarting csf with FASTSTART disabled, at line 4911

The server setup is CloudLinux 7.2 with cPanel

// Jhave
ForumAdmin
Moderator
Posts: 1433
Joined: 01 Oct 2008, 09:24


That would suggest a problem with an IPv6 address entry in your /etc/csf/csf.deny file. If you can identify the entry and quote it here it might suggest why you are seeing an issue.
ForumAdmin
Moderator
Posts: 1433
Joined: 01 Oct 2008, 09:24


On further testing we have found an issue which we will investigate
ForumAdmin
Moderator
Posts: 1433
Joined: 01 Oct 2008, 09:24


This was actually not supported in csf before (IPv6 MESSENGER when IPSET not used). We've added support for it in v9.08 which we have just released:
http://blog.configserver.com
jhave
Junior Member
Posts: 3
Joined: 05 Jul 2016, 12:59


If i use the upgrade button i got this error.

Upgrading csf...

You have an unresolved error when starting csf:
Error: FASTSTART: (csf.deny IPv6) [] [ip6tables-restore v1.4.21: The -t option (seen in line 4) cannot be used in ip6tables-restore.]. Try restarting csf with FASTSTART disabled, at line 4911 in /usr/sbin/csf

You need to restart csf successfully to remove this warning, or delete /etc/csf/csf.error
...Done.

How do i upgrade ?
ForumAdmin
Moderator
Posts: 1433
Joined: 01 Oct 2008, 09:24


Delete /etc/csf/csf.error and then upgrade using:
Code: Select all
csf -u
jhave
Junior Member
Posts: 3
Joined: 05 Jul 2016, 12:59


Thanks

Its works now :)
7 posts Page 1 of 1