CSF Firewall

Post Reply
TheGameMonsters
Junior Member
Posts: 8
Joined: 10 Jan 2020, 00:55

CSF Firewall

Post by TheGameMonsters »

Every hour or so the CSF firewall will say, "Firewall enabled, but not started."

The error logs are as follows:
https://i.imgur.com/QaG8TPP.png

Google hasn't been forth coming haha. Any help with this issue would be greatly appreciated.
TheGameMonsters
Junior Member
Posts: 8
Joined: 10 Jan 2020, 00:55

Re: CSF Firewall

Post by TheGameMonsters »

So, I updated my CSF, but it still shows that it's "Enabled but Stopped."

I thought maybe the error was occurring because of the MM_LICENSE_KEY. So, I configured CSF with the key. I no longer get the error regarding the key, but CSF continually stops. No errors from /etc/csf/csf.error.

Please advise.
keat63
Junior Member
Posts: 93
Joined: 17 Dec 2014, 14:50

Re: CSF Firewall

Post by keat63 »

what does the csf error log say
TheGameMonsters
Junior Member
Posts: 8
Joined: 10 Jan 2020, 00:55

Re: CSF Firewall

Post by TheGameMonsters »

The logs provided at /var/log/lfd.log

shows the following:

Code: Select all

Jan 14 07:09:11 alpha lfd[726]: *WHM/cPanel root access* from *.*.*.*
Jan 14 07:12:21 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:12:22 alpha lfd[27876]: csf startup completed
Jan 14 07:17:22 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:17:23 alpha lfd[27876]: csf startup completed
Jan 14 07:22:24 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:22:25 alpha lfd[27876]: csf startup completed
Jan 14 07:27:25 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:27:26 alpha lfd[27876]: csf startup completed
Jan 14 07:32:27 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:32:28 alpha lfd[27876]: csf startup completed
Jan 14 07:37:28 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:37:30 alpha lfd[27876]: csf startup completed
Jan 14 07:42:30 alpha lfd[27876]: iptables appears to have been flushed - running *csf startup*...
Jan 14 07:42:31 alpha lfd[27876]: csf startup completed
I redacted the IP access record because it's my personal IP address.
TheGameMonsters
Junior Member
Posts: 8
Joined: 10 Jan 2020, 00:55

Re: CSF Firewall

Post by TheGameMonsters »

After some checking, I've noticed it only goes down after I get these logs in /var/log/messages

Code: Select all

Jan 14 08:03:02 alpha systemd: Started Session 5148 of user root.
Jan 14 08:03:02 alpha systemd: Created slice User Slice of billing.
Jan 14 08:03:02 alpha systemd: Started Session 5149 of user billing.
Jan 14 08:03:02 alpha systemd: Started Session 5146 of user root.
Jan 14 08:03:02 alpha systemd: Started Session 5147 of user root.
Jan 14 08:03:03 alpha systemd: Removed slice User Slice of billing.
TheGameMonsters
Junior Member
Posts: 8
Joined: 10 Jan 2020, 00:55

Re: CSF Firewall

Post by TheGameMonsters »

I'm sorry for bumping this, but the firewall will not stay on. I've sent logs, if any additional is needed please advise.

I've got a temporary fix which is having 2 cron jobs running every minute.

Code: Select all

* * * * * sleep 30; /usr/sbin/csf -s

Code: Select all

* * * * * /usr/sbin/csf -s

Please advise. This is the only way I've managed to keep the firewall on.
TheGameMonsters
Junior Member
Posts: 8
Joined: 10 Jan 2020, 00:55

Re: CSF Firewall

Post by TheGameMonsters »

I've resorted to reinstalling CSF Firewall. The issue still persists.

Here's a screenshot of the system information.
https://i.imgur.com/vQsnUcg.png


Please advise.
TheGameMonsters
Junior Member
Posts: 8
Joined: 10 Jan 2020, 00:55

Re: CSF Firewall

Post by TheGameMonsters »

So, after doing quite a bit of research on my own, I discovered there was an issue with IP Tables itself. CSF was attempting to save the rules, over, and over again. Eventually CSF had the same IP addresses listed in the rules file. I cleared the file, and disabled faststart. And it's stable again.
Post Reply