CSF Firewall

Posted: 10 Jan 2020, 00:58
by TheGameMonsters
Every hour or so the CSF firewall will say, "Firewall enabled, but not started."

The error logs are as follows:
https://i.imgur.com/QaG8TPP.png

Google hasn't been forthcoming haha. Any help with this issue would be greatly appreciated.

Re: CSF Firewall

Posted: 13 Jan 2020, 21:31
by TheGameMonsters
So, I updated my CSF, but it still shows that it's "Enabled but Stopped."

I thought maybe the error was occurring because of the MM_LICENSE_KEY. So, I configured CSF with the key. I no longer get the error regarding the key, but CSF continually stops. No errors from /etc/csf/csf.error.

Please advise.

Re: CSF Firewall

Posted: 14 Jan 2020, 10:03
by keat63
What does the CSF error log say?

Re: CSF Firewall

Posted: 14 Jan 2020, 13:44
by TheGameMonsters
The logs provided at /var/log/lfd.log show the following:

Code:

Jan 14 07:09:11 alpha lfd[726]: *WHM/cPanel root access* from *.*.*.*
Jan 14 07:12:21 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:12:22 alpha lfd[27876]: csf startup completed
Jan 14 07:17:22 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:17:23 alpha lfd[27876]: csf startup completed
Jan 14 07:22:24 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:22:25 alpha lfd[27876]: csf startup completed
Jan 14 07:27:25 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:27:26 alpha lfd[27876]: csf startup completed
Jan 14 07:32:27 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:32:28 alpha lfd[27876]: csf startup completed
Jan 14 07:37:28 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:37:30 alpha lfd[27876]: csf startup completed
Jan 14 07:42:30 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:42:31 alpha lfd[27876]: csf startup completed

I redacted the IP access record because it's my personal IP address.
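
An added example, not part of the original posts: a Python script that measures how often lfd reports a flush, and how long each `csf startup` takes, in log text of the format shown above. The function names, the default year (syslog timestamps carry none) and the 5-second jitter threshold are assumptions of this example; the sample lines are copied from the excerpt above.

```python
import re
from datetime import datetime

# Sample input: lines copied from the /var/log/lfd.log excerpt in the post above.
SAMPLE = """\
Jan 14 07:09:11 alpha lfd[726]: *WHM/cPanel root access* from *.*.*.*
Jan 14 07:12:21 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:12:22 alpha lfd[27876]: csf startup completed
Jan 14 07:17:22 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:17:23 alpha lfd[27876]: csf startup completed
Jan 14 07:22:24 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:22:25 alpha lfd[27876]: csf startup completed
Jan 14 07:27:25 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:27:26 alpha lfd[27876]: csf startup completed
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ lfd\[\d+\]: (.*)$")
FLUSH = "iptables appears to have been flushed"
DONE = "csf startup completed"

def parse(text, year=2020):
    """Yield (timestamp, message) for every lfd line; the year is an assumption."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def flush_cycles(events):
    """Pair each flush with the next 'startup completed'; None if it never completed."""
    cycles, pending = [], None
    for ts, msg in events:
        if msg.startswith(FLUSH):
            if pending is not None:          # previous restart never finished
                cycles.append((pending, None))
            pending = ts
        elif msg.startswith(DONE) and pending is not None:
            cycles.append((pending, (ts - pending).total_seconds()))
            pending = None
    if pending is not None:
        cycles.append((pending, None))
    return cycles

def summarize(text, min_repeats=3, jitter=5):
    """Report flush count, gaps between flushes, and whether the gaps are near-constant."""
    cycles = flush_cycles(parse(text))
    times = [t for t, _ in cycles]
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    periodic = len(gaps) >= max(1, min_repeats - 1) and max(gaps) - min(gaps) <= jitter
    return {"flushes": len(cycles), "gaps_s": gaps, "periodic": periodic,
            "unfinished": sum(1 for _, d in cycles if d is None)}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A near-constant gap between flush reports, as in this excerpt, is worth lining up against timestamps in other logs such as /var/log/messages.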

Re: CSF Firewall

Posted: 14 Jan 2020, 14:05
by TheGameMonsters
After some checking, I've noticed it only goes down after I get these logs in /var/log/messages

Code:

Jan 14 08:03:02 alpha systemd: Started Session 5148 of user root.
Jan 14 08:03:02 alpha systemd: Created slice User Slice of billing.
Jan 14 08:03:02 alpha systemd: Started Session 5149 of user billing.
Jan 14 08:03:02 alpha systemd: Started Session 5146 of user root.
Jan 14 08:03:02 alpha systemd: Started Session 5147 of user root.
Jan 14 08:03:03 alpha systemd: Removed slice User Slice of billing.

Re: CSF Firewall

Posted: 17 Jan 2020, 21:29
by TheGameMonsters
I'm sorry for bumping this, but the firewall will not stay on. I've sent logs; if any additional ones are needed, please advise.

I've got a temporary fix which is having 2 cron jobs running every minute.

Code:

* * * * * sleep 30; /usr/sbin/csf -s

Code:

* * * * * /usr/sbin/csf -s

Please advise. This is the only way I've managed to keep the firewall on.

Re: CSF Firewall

Posted: 21 Jan 2020, 23:17
by TheGameMonsters
I've resorted to reinstalling CSF Firewall. The issue still persists.

Here's a screenshot of the system information.
https://i.imgur.com/vQsnUcg.png


Please advise.

Re: CSF Firewall

Posted: 28 Jan 2020, 08:50
by TheGameMonsters
So, after doing quite a bit of research on my own, I discovered there was an issue with iptables itself. CSF was attempting to save the rules over and over again. Eventually CSF had the same IP addresses listed in the rules file. I cleared the file and disabled faststart, and it's stable again.