Unable to start lfd on centOS 8.2 with DA

[damiank]

Hey,
I'm unable to start lfd on centOS 8.2 with DirectAdmin v.1.61.3. iptables v1.8.4 (nf_tables). CSF and LFD in newest versions.

Logs:

CSF:
csf[2292642]: iptables v1.8.4 (nf_tables): RULE_APPEND failed (Invalid argument): rule in chain OUTPUT
csf[2292642]: LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
csf[2292642]: iptables v1.8.4 (nf_tables): RULE_APPEND failed (Invalid argument): rule in chain INPUT
csf[2292642]: LOGDROPIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
csf[2292642]: csf: FASTSTART loading DNS (IPv4)
csf[2292642]: iptables v1.8.4 (nf_tables): RULE_INSERT failed (No such file or directory): rule in chain OUTPUT
csf[2292642]: LOCALOUTPUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
csf[2292642]: iptables v1.8.4 (nf_tables): RULE_INSERT failed (Invalid argument): rule in chain INPUT
csf[2292642]: LOCALINPUT all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
systemd[1]: Started ConfigServer Firewall & Security - csf.
systemd[1]: Stopping ConfigServer Firewall & Security - csf...
systemd[1]: csf.service: Stopping timed out. Terminating.
systemd[1]: csf.service: Control process exited, code=killed status=15
systemd[1]: csf.service: Failed with result 'timeout'.
systemd[1]: Stopped ConfigServer Firewall & Security - csf.
systemd[1]: Starting ConfigServer Firewall & Security - csf...

LFD:
systemd[1]: Starting ConfigServer Firewall & Security - lfd...
systemd[1]: lfd.service: Start operation timed out. Terminating.
systemd[1]: lfd.service: Failed with result 'timeout'.
systemd[1]: Failed to start ConfigServer Firewall & Security - lfd.

There was also a problem with start of iptables service, which is fine after reboot.

[damiank]

Just mentioning that I'm using newest standard version of CSF nad LFD and did not change any configuration. When error occured I tried to restore and upgrade iptables. It did not helped.

[websavers]

Did you find a fix for this? We're experiencing the same with CentOS 8.2.

[anykillator]

Hello, i had the same issue after update csf to the last version. I can fixed installing ipset. In you WHM go to Software / Install an RPM / ipset / Install.

I hope this help you!

[Black Tiger]

I've seen that @forumadmin put this out of the bug section, but this is certainly -not- a configuration failure in csf.conf. This is happening with people who have not even changed the config and had it running without issues for some time.

You find the issue all over Google. Seems it might have to do with some sudden incompatibility between some OpenVZ kernel versions or some conflicting issue with iptables and nftables working together on Centos 8.

IPSET is nice if you have a lot of blocks but won't fix this issue on fresh systems.

It might well be the way CSF is calling things is conflicting in some way with nftables, causing this behaviour which is seen in some rare cases on OpenVZ systems.

I don't have enough knowledge about this, but as it's happening more, it sure would be nice to have this fixed.

[ForumAdmin]

We stopped supporting Virtuozzo and OpenVZ back in March 2020 for all of our products:
https://blog.configserver.com/?p=3591