
Thread: Why CSF blocking all traffic?

  1. #1
    Join Date
    May 2014
    Posts
    2

    Why CSF blocking all traffic?

    I've installed the CSF firewall with DirectAdmin. When the firewall is running, it blocks all the incoming and outgoing connections.

    My iptables -L -n:

    Code:
    Chain INPUT (policy DROP)
    target     prot opt source     destination
    ACCEPT     tcp  --  8.8.8.8   0.0.0.0/0 tcp dpt:53
    ACCEPT     udp  --  8.8.8.8   0.0.0.0/0 udp dpt:53
    ACCEPT     tcp  --  8.8.8.8   0.0.0.0/0 tcp spt:53
    ACCEPT     udp  --  8.8.8.8   0.0.0.0/0 udp spt:53
    LOCALINPUT  all  --  0.0.0.0/0  0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0   0.0.0.0/0
    INVALID    tcp  --  0.0.0.0/0   0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0   0.0.0.0/0   state RELATED,ESTABLISHED
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:20
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:21
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:22
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:25
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:53
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:80
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:110
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:143
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:443
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:465
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:587
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:993
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:995
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:2222
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:6622
    ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   state NEW udp dpt:20
    ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   state NEW udp dpt:21
    ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   state NEW udp dpt:53
    ACCEPT     icmp --  0.0.0.0/0   0.0.0.0/0   icmptype 8 limit: avg 1/sec burst 5
    ACCEPT     icmp --  0.0.0.0/0   0.0.0.0/0   icmptype 0 limit: avg 1/sec burst 5
    ACCEPT     icmp --  0.0.0.0/0   0.0.0.0/0   icmptype 11
    ACCEPT     icmp --  0.0.0.0/0   0.0.0.0/0   icmptype 3
    LOGDROPIN  all  --  0.0.0.0/0   0.0.0.0/0
    
    Chain FORWARD (policy DROP)
    target     prot opt source     destination
    
    Chain OUTPUT (policy DROP)
    target     prot opt source     destination
    ACCEPT     tcp  --  0.0.0.0/0   8.8.8.8   tcp dpt:53
    ACCEPT     udp  --  0.0.0.0/0   8.8.8.8   udp dpt:53
    ACCEPT     tcp  --  0.0.0.0/0   8.8.8.8   tcp spt:53
    ACCEPT     udp  --  0.0.0.0/0   8.8.8.8   udp spt:53
    LOCALOUTPUT  all  --  0.0.0.0/0 0.0.0.0/0
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   tcp dpt:53
    ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   udp dpt:53
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   tcp spt:53
    ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   udp spt:53
    ACCEPT     all  --  0.0.0.0/0   0.0.0.0/0
    INVALID    tcp  --  0.0.0.0/0   0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0   0.0.0.0/0   state RELATED,ESTABLISHED
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:20
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:21
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:22
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:25
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:53
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:80
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:110
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:113
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:443
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:587
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:993
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:995
    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:2222
    ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   state NEW udp dpt:20
    ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   state NEW udp dpt:21
    ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   state NEW udp dpt:53
    ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   state NEW udp dpt:113
    ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   state NEW udp dpt:123
    ACCEPT     icmp --  0.0.0.0/0   0.0.0.0/0   icmptype 0
    ACCEPT     icmp --  0.0.0.0/0   0.0.0.0/0   icmptype 8
    ACCEPT     icmp --  0.0.0.0/0   0.0.0.0/0   icmptype 11
    ACCEPT     icmp --  0.0.0.0/0   0.0.0.0/0   icmptype 3
    LOGDROPOUT  all  --  0.0.0.0/0  0.0.0.0/0
    
    Chain ALLOWIN (1 references)
    target     prot opt source     destination
    ACCEPT     all  --  85.89.162.104    0.0.0.0/0
    
    Chain ALLOWOUT (1 references)
    target     prot opt source     destination
    ACCEPT     all  --  0.0.0.0/0   85.89.162.104
    
    Chain DENYIN (1 references)
    target     prot opt source     destination
    
    Chain DENYOUT (1 references)
    target     prot opt source     destination
    
    Chain INVALID (2 references)
    target     prot opt source     destination
    INVDROP    all  --  0.0.0.0/0   0.0.0.0/0   state INVALID
    INVDROP    tcp  --  0.0.0.0/0   0.0.0.0/0   tcpflags: 0x3F/0x00
    INVDROP    tcp  --  0.0.0.0/0   0.0.0.0/0   tcpflags: 0x3F/0x3F
    INVDROP    tcp  --  0.0.0.0/0   0.0.0.0/0   tcpflags: 0x03/0x03
    INVDROP    tcp  --  0.0.0.0/0   0.0.0.0/0   tcpflags: 0x06/0x06
    INVDROP    tcp  --  0.0.0.0/0   0.0.0.0/0   tcpflags: 0x05/0x05
    INVDROP    tcp  --  0.0.0.0/0   0.0.0.0/0   tcpflags: 0x11/0x01
    INVDROP    tcp  --  0.0.0.0/0   0.0.0.0/0   tcpflags: 0x18/0x08
    INVDROP    tcp  --  0.0.0.0/0   0.0.0.0/0   tcpflags: 0x30/0x20
    INVDROP    tcp  --  0.0.0.0/0   0.0.0.0/0   tcpflags:! 0x17/0x02 state NEW
    
    Chain INVDROP (10 references)
    target     prot opt source     destination
    DROP    all  --  0.0.0.0/0  0.0.0.0/0
    
    Chain LOCALINPUT (1 references)
    target     prot opt source     destination
    ALLOWIN    all  --  0.0.0.0/0   0.0.0.0/0
    DENYIN     all  --  0.0.0.0/0   0.0.0.0/0
    
    Chain LOCALOUTPUT (1 references)
    target     prot opt source     destination
    ALLOWOUT   all  --  0.0.0.0/0   0.0.0.0/0
    DENYOUT    all  --  0.0.0.0/0   0.0.0.0/0
    
    Chain LOGDROPIN (1 references)
    target     prot opt source     destination
    DROP    tcp  --  0.0.0.0/0  0.0.0.0/0   tcp dpt:67
    DROP    udp  --  0.0.0.0/0  0.0.0.0/0   udp dpt:67
    DROP    tcp  --  0.0.0.0/0  0.0.0.0/0   tcp dpt:68
    DROP    udp  --  0.0.0.0/0  0.0.0.0/0   udp dpt:68
    DROP    tcp  --  0.0.0.0/0  0.0.0.0/0   tcp dpt:111
    DROP    udp  --  0.0.0.0/0  0.0.0.0/0   udp dpt:111
    DROP    tcp  --  0.0.0.0/0  0.0.0.0/0   tcp dpt:113
    DROP    udp  --  0.0.0.0/0  0.0.0.0/0   udp dpt:113
    DROP    tcp  --  0.0.0.0/0  0.0.0.0/0   tcp dpts:135:139
    DROP    udp  --  0.0.0.0/0  0.0.0.0/0   udp dpts:135:139
    DROP    tcp  --  0.0.0.0/0  0.0.0.0/0   tcp dpt:445
    DROP    udp  --  0.0.0.0/0  0.0.0.0/0   udp dpt:445
    DROP    tcp  --  0.0.0.0/0  0.0.0.0/0   tcp dpt:500
    DROP    udp  --  0.0.0.0/0  0.0.0.0/0   udp dpt:500
    DROP    tcp  --  0.0.0.0/0  0.0.0.0/0   tcp dpt:513
    DROP    udp  --  0.0.0.0/0  0.0.0.0/0   udp dpt:513
    DROP    tcp  --  0.0.0.0/0  0.0.0.0/0   tcp dpt:520
    DROP    udp  --  0.0.0.0/0  0.0.0.0/0   udp dpt:520
    LOG  tcp  --  0.0.0.0/0 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
    LOG  udp  --  0.0.0.0/0 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
    LOG  icmp --  0.0.0.0/0 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
    DROP    all  --  0.0.0.0/0  0.0.0.0/0
    
    Chain LOGDROPOUT (1 references)
    target     prot opt source     destination
    LOG  tcp  --  0.0.0.0/0 0.0.0.0/0   tcpflags: 0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
    LOG  udp  --  0.0.0.0/0 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
    LOG  icmp --  0.0.0.0/0 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
    DROP    all  --  0.0.0.0/0  0.0.0.0/0

    perl csftest.pl:

    Code:
    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...OK
    Testing ipt_multiport/xt_multiport...OK
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...OK
    Testing ipt_limit/xt_limit...OK
    Testing ipt_recent...OK
    Testing xt_connlimit...OK
    Testing ipt_owner/xt_owner...OK
    Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for MESSENGER feature
    Testing iptable_nat/ipt_DNAT...FAILED [Error: iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for csf.redirect feature
    
    RESULT: csf will function on this server but some features will not work due to some missing iptables modules [2]

  2. #2
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,557
    Hello,

    Check
    Code:
    dmesg
    output and counters by
    Code:
    csf -l
    Regards, Alex G.

    - Get the best commercial DirectAdmin support and hire me on poralix.com
    - Follow and like @Poralix on Facebook
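
The `dmesg` check suggested in the reply can be narrowed to the LOG prefixes visible in the LOGDROPIN and LOGDROPOUT chains of the first post, so the dropped traffic is grouped by direction, port and peer. This is an added example, not part of the original thread; the function names and the sample kernel log lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise packets logged by csf's LOGDROPIN/LOGDROPOUT chains.
# On a live server: dmesg | summarize_csf_blocks

summarize_csf_blocks() {
    awk '
    # Only lines carrying the "Firewall: *..._IN/OUT Blocked*" prefixes.
    /Firewall: \*[A-Z]+_(IN|OUT) Blocked\*/ {
        tag = ""; src = "-"; dst = "-"; dpt = "-"   # ICMP has no DPT
        for (i = 1; i <= NF; i++) {
            if ($i == "Firewall:")   tag = substr($(i + 1), 2)  # strip "*"
            else if ($i ~ /^SRC=/)   src = substr($i, 5)
            else if ($i ~ /^DST=/)   dst = substr($i, 5)
            else if ($i ~ /^DPT=/)   dpt = substr($i, 5)
        }
        # Inbound drops are keyed by remote source, outbound by destination.
        peer = (tag ~ /_IN$/) ? src : dst
        count[tag " dpt=" dpt " peer=" peer]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input in the netfilter LOG format (not from the thread).
sample_dmesg() {
    cat <<'EOF'
[ 8120.100000] eth0: link up
[ 8123.401122] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4711 DF PROTO=TCP SPT=51234 DPT=8080 WINDOW=14600 SYN URGP=0
[ 8124.402310] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4712 DF PROTO=TCP SPT=51234 DPT=8080 WINDOW=14600 SYN URGP=0
[ 8130.000512] Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.20 LEN=60 TTL=64 ID=901 DF PROTO=TCP SPT=40022 DPT=465 WINDOW=14600 SYN URGP=0 UID=8 GID=12
[ 8131.770001] Firewall: *UDP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=71 TTL=50 ID=0 DF PROTO=UDP SPT=40100 DPT=161 LEN=51
EOF
}

sample_dmesg | summarize_csf_blocks
```

Packets matched by the plain DROP rules at the top of LOGDROPIN, or sent to INVDROP, never reach a LOG rule in the listing above, so they show up only in the rule counters and not in this summary.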
