lfd / CSF Wont start up.

Musicfreak

Verified User
Joined
Mar 14, 2017
Messages
42
Location
Netherlands
i ran Sudo yum update --cves --sec-severity && yum upgrade && rm -rf /var/cache/yum
on my server and it gives the following updates.

all updates install fine and everything seems to work also. even LFD start and i can restart it no problem. BUT once i restart the server and it comes back up LFD wont start up.
it says Try restarting csf with FASTSTART disabled. You need to restart csf successfully to remove this warning, or delete /etc/csf/csf.error


i did remove the csf.error file but the same problem.

Code:
==============================================================================================================================================================
 Package                                   Arch                           Version                                      Repository                        Size
==============================================================================================================================================================
Installing:
 kernel                                    x86_64                         3.10.0-862.3.2.el7                           updates                           46 M
 kernel-devel                              x86_64                         3.10.0-862.3.2.el7                           updates                           16 M
Updating:
 initscripts                               x86_64                         9.49.41-1.el7                                base                             437 k
 iproute                                   x86_64                         4.11.0-14.el7                                base                             763 k
 iprutils                                  x86_64                         2.4.15.1-1.el7                               base                             243 k
 iptables                                  x86_64                         1.4.21-24.1.el7_5                            updates                          432 k
 kernel-headers                            x86_64                         3.10.0-862.3.2.el7                           updates                          7.1 M
 kernel-tools                              x86_64                         3.10.0-862.3.2.el7                           updates                          6.2 M
 kernel-tools-libs                         x86_64                         3.10.0-862.3.2.el7                           updates                          6.2 M
Removing:
 kernel                                    x86_64                         3.10.0-693.5.2.el7                           @updates                          59 M
 kernel-devel                              x86_64                         3.10.0-693.5.2.el7                           @updates                          36 M

not sure its 1 of these but strange is it works untill i reboot the server.
 
Last edited:
Hello,

1. Read /etc/csf/csf.error ... fix
2. Remove
/etc/csf/csf.error
3. Start lsfd/csf
 
i tried that. but didnt work had to restore a backup before it started working again. Forgot to copy the text out of the csf.error to show.
 
Please copy the text from csf.error here, next to that:
Try restarting csf with FASTSTART disabled
Does it only says this or does it mention a line number like "Try restarting csf with FASTSTART disabled, at line xxx". If it mentiones a line number also, have a look at what's in that line.
 
Please copy the text from csf.error here, next to that:

Does it only says this or does it mention a line number like "Try restarting csf with FASTSTART disabled, at line xxx". If it mentiones a line number also, have a look at what's in that line.

iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Error: FASTSTART: (DROP no logging IPv4) [] [iptables-restore v1.4.21: iptables-restore: unable to initialize table 'filter']. Try restarting csf with FASTSTART disabled, at line 5522
 
when i updated these packages it broke.

Code:
==============================================================================================================================================================
 Package                                   Arch                           Version                                      Repository                        Size
==============================================================================================================================================================
Installing:
 kernel                                    x86_64                         3.10.0-862.3.2.el7                           updates                           46 M
 kernel-devel                              x86_64                         3.10.0-862.3.2.el7                           updates                           16 M
Updating:
 initscripts                               x86_64                         9.49.41-1.el7                                base                             437 k
 iproute                                   x86_64                         4.11.0-14.el7                                base                             763 k
 iprutils                                  x86_64                         2.4.15.1-1.el7                               base                             243 k
 iptables                                  x86_64                         1.4.21-24.1.el7_5                            updates                          432 k
 kernel-headers                            x86_64                         3.10.0-862.3.2.el7                           updates                          7.1 M
 kernel-tools                              x86_64                         3.10.0-862.3.2.el7                           updates                          6.2 M
 kernel-tools-libs                         x86_64                         3.10.0-862.3.2.el7                           updates                          6.2 M
Removing:
 kernel                                    x86_64                         3.10.0-693.5.2.el7                           @updates                          59 M
 kernel-devel                              x86_64                         3.10.0-693.5.2.el7                           @updates                          36 M

when i click on test Iptables it gives this error


Code:
Testing ip_tables/iptable_filter...FAILED [FATAL Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for csf to function
Testing ipt_LOG...FAILED [FATAL Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for csf to function
Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for csf to function
Testing ipt_REJECT...FAILED [FATAL Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for csf to function
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for csf to function
Testing ipt_limit/xt_limit...FAILED [FATAL Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for csf to function
Testing ipt_recent...FAILED [Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit...FAILED [Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...FAILED [Error: iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for csf.redirect feature

RESULT: csf will not function on this server due to FATAL errors from missing modules [6]

Disabling Faststart to 0 didnt help
 
Last edited:
http://www.webhostingtalk.com/showthread.php?t=1685482
and others for iptable searchimng the web

CENTOS

You update only parts as for security with Yum ?

but a lot of kernel bugs should be there then if not up to date ( overige delen)

http://suhail-ah.blogspot.com/2016/01/iptables-restore-iptables-restore.html

To resolve this, check the output of iptables -L if that gives any output, save it using following command and then restart iptables as shown below.
Saving iptables rules:


You can also get errors with iptables if you've installed a new version of the Kernel but you haven't rebooted yet
 
Last edited:
http://www.webhostingtalk.com/showthread.php?t=1685482
and others for iptable searchimng the web

CENTOS

You update only parts as for security with Yum ?

but a lot of kernel bugs should be there then if not up to date ( overige delen)

http://suhail-ah.blogspot.com/2016/01/iptables-restore-iptables-restore.html




You can also get errors with iptables if you've installed a new version of the Kernel but you haven't rebooted yet

no i update everything. not only securty updates.

there where 180 packages avail for update so i installed them 1 by 1 to see which one gave the problems and it seems these were left.

i checked both links i tried it also. I did reboot multiply times. Not working.
 
try:

sudo modprobe ip_tables
sudo echo 'ip_tables' >> /etc/modules
 
no i update everything. not only securty updates.

there where 180 packages avail for update so i installed them 1 by 1 to see which one gave the problems and it seems these were left.

i checked both links i tried it also. I did reboot multiply times. Not working.

So you did both links

then iptalbes L and iptable start should give more info or errors?
 
When looking around you see this issue re-occuring several times, also years ago.
In most cases it has to do with some issue between the kernel and iptables.

You did have a kernel update on the yum update.
It might be an idea to use the previous kernel version and wait for a newer one to come up, before updateding the kernel again.
 
Output of command for iptables yes or no running and errors and so on

For csf needed.
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server
 
Perhaps iptables or your kernel needs to be upgraded.

What do you see when running the following commands?

Code:
uname -a

Code:
lsmod | egrep "^(ip_|ipt|xt_)"
 
If everything allright you still could have this prob ( don't know if centos 7 this could..)

You could read some about that here https://forum.directadmin.com/showthread.php?t=44839&p=229244#post229244

So in this case we dont need iptables at all ? if we use CSF/LFD?

What do you see when running the following commands?

Code:
uname -a

Code:
lsmod | egrep "^(ip_|ipt|xt_)"

uname -a
Linux mail 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

lsmod | egrep "^(ip_|ipt|xt_)"
xt_owner 12534 2
xt_REDIRECT 12757 0
xt_conntrack 12760 30
xt_LOG 12690 6
xt_limit 12711 7
xt_multiport 12798 4
iptable_nat 12875 0
iptable_mangle 12695 0
iptable_raw 12678 0
ipt_REJECT 12541 1
iptable_filter 12810 1
ip_tables 27115 4 iptable_filter,iptable_mangle,iptable_nat,iptable_raw

when i try chkconfig iptables off i see

error reading information on service iptables: No such file or directory
 
Last edited:
Back
Top