Initially they seem to work, but I'm not even sure if this is CSF not working at all, because once you hit csf -r it seems this breaks something on a permanent basis, as you cannot start any container anymore, giving an error about iptables no chain/target by that name.
I have tried for hours to make CSF work with a vanilla CentOS 7 server. I have replicated this multiple times, just CentOS minimal, CSF and Docker.
It seems Docker just hates iptables but works perfectly fine if you leave firewalld in place. I'm not blaming this on CSF, but it seems there is no proper way to make it work with CSF. Should not CSF just read the rules Docker creates and add them to iptables? I'm not sure why restarting or making configuration changes on CSF breaks this, as all it could do is just re-read the previous rules from iptables.
I basically need to do some rules outside of "csf". Our product integrates with firewalld. Is that a huge problem? How do you integrate the two?
Is there any way to programmatically add rules to csf, and then just restart csf instead?