ICMP_IN false positive

1 post Page 1 of 1
godzillante
Junior Member
Posts: 3
Joined: 09 Dec 2014, 13:18


Hi,

I have a lot of cPanel servers running CSF+LFD. Recently I noticed that many IPs have been blocked out by ICMP_IN.

I checked the CSF rule, and ICMP_IN_RATE is the default 1/s, nonetheless when I start a simple ping (tested from different workstations) against my servers, my IP is eventyally blocked with the following log:
Code: Select all
Jun 27 13:02:15 web kernel: Firewall: *ICMP_IN Blocked* IN=eno1 OUT= MAC=ec:eb:b8:d1:a0:2f:d4:ca:6d:77:ed:eb:08:00 SRC=XXX.XXX.client.IP DST=YYY.YYY.server.ip LEN=84 TOS=0x00 PREC=0x00 TTL=62 ID=6734 PROTO=ICMP TYPE=8 CODE=0 ID=57440 SEQ=6204
I think it's a bug, because I'm not sending pings at more than 1 per second. :confused: Have you guys ever experienced the same issue? Could you please run some test in your environment?

Thank you in advance!
1 post Page 1 of 1