Firewall problem

pietrek · Sep 12, 2021

Welcome.

I have a problem with Firewall. During the connection and uploading files via FTP to the server, the connection was interrupted and since then it is not possible to access the server from outside the network only from the LAN. When the firewall is turned off, everything works as it should, but that's not the point.
When turning on the firewall, I have the following entries:

Code:

ConfigServer Security & Firewall - csf v14.10

Enabling csf...

csf: FASTSTART loading DROP no logging (IPv4)
csf: FASTSTART loading DROP no logging (IPv6)
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
LOG  tcp opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP6IN Blocked* "
LOG  tcp opt    in * out *  ::/0  -> ::/0   tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP6OUT Blocked* "
LOG  udp opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP6IN Blocked* "
LOG  udp opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP6OUT Blocked* "
LOG  icmpv6 opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP6IN Blocked* "
LOG  icmpv6 opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP6OUT Blocked* "
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0 
REJECT  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   reject-with icmp-port-unreachable
DROP  all opt    in * out *  ::/0  -> ::/0 
REJECT  all opt    in * out *  ::/0  -> ::/0   reject-with icmp6-port-unreachable
DENYOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0 
DENYIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0 
ALLOWOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0 
ALLOWIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0 
DENYOUT  all opt    in * out !lo  ::/0  -> ::/0 
DENYIN  all opt    in !lo out *  ::/0  -> ::/0 
ALLOWOUT  all opt    in * out !lo  ::/0  -> ::/0 
ALLOWIN  all opt    in !lo out *  ::/0  -> ::/0 
csf: FASTSTART loading Packet Filter (IPv4)
csf: FASTSTART loading Packet Filter (IPv6)
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0 
INVALID  tcp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0 
INVALID  tcp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0 
DROP  all opt    in * out *  ::/0  -> ::/0 
INVALID  tcp opt    in !lo out *  ::/0  -> ::/0 
INVALID  tcp opt    in * out !lo  ::/0  -> ::/0 
csf: IPSET creating set chain_DENY
csf: IPSET creating set chain_6_DENY
csf: FASTSTART loading csf.deny (IPv4)
csf: FASTSTART loading csf.deny (IPv6)
csf: FASTSTART loading csf.deny (IPSET)
DROP  tcp opt -- in !lo out *  45.133.1.218  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.218   tcp dpt:587
DROP  tcp opt -- in !lo out *  45.144.225.54  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.144.225.54   tcp dpt:25
DROP  tcp opt -- in !lo out *  45.144.225.54  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.144.225.54   tcp dpt:465
DROP  tcp opt -- in !lo out *  45.144.225.54  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.144.225.54   tcp dpt:587
DROP  tcp opt -- in !lo out *  31.210.20.23  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.23   tcp dpt:25
DROP  tcp opt -- in !lo out *  31.210.20.23  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.23   tcp dpt:465
DROP  tcp opt -- in !lo out *  31.210.20.23  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.23   tcp dpt:587
DROP  tcp opt -- in !lo out *  31.210.20.155  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.155   tcp dpt:25
DROP  tcp opt -- in !lo out *  31.210.20.155  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.155   tcp dpt:465
DROP  tcp opt -- in !lo out *  31.210.20.155  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.155   tcp dpt:587
DROP  tcp opt -- in !lo out *  31.210.20.109  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.109   tcp dpt:25
DROP  tcp opt -- in !lo out *  31.210.20.109  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.109   tcp dpt:465
DROP  tcp opt -- in !lo out *  31.210.20.109  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.109   tcp dpt:587
DROP  tcp opt -- in !lo out *  31.210.21.195  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.195   tcp dpt:25
DROP  tcp opt -- in !lo out *  31.210.21.195  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.195   tcp dpt:465
DROP  tcp opt -- in !lo out *  31.210.21.195  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.195   tcp dpt:587
DROP  tcp opt -- in !lo out *  45.133.1.203  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.203   tcp dpt:25
DROP  tcp opt -- in !lo out *  45.133.1.203  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.203   tcp dpt:465
DROP  tcp opt -- in !lo out *  45.133.1.203  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.203   tcp dpt:587
DROP  tcp opt -- in !lo out *  31.210.20.111  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.111   tcp dpt:25
DROP  tcp opt -- in !lo out *  31.210.20.111  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.111   tcp dpt:465
DROP  tcp opt -- in !lo out *  31.210.20.111  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.111   tcp dpt:587
DROP  tcp opt -- in !lo out *  31.210.20.173  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.173   tcp dpt:25
DROP  tcp opt -- in !lo out *  31.210.20.173  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.173   tcp dpt:465
DROP  tcp opt -- in !lo out *  31.210.20.173  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.173   tcp dpt:587
DROP  tcp opt -- in !lo out *  31.210.21.96  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.96   tcp dpt:25
DROP  tcp opt -- in !lo out *  31.210.21.96  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.96   tcp dpt:465
DROP  tcp opt -- in !lo out *  31.210.21.96  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.96   tcp dpt:587
DROP  tcp opt -- in !lo out *  136.144.41.70  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 136.144.41.70   tcp dpt:25
DROP  tcp opt -- in !lo out *  136.144.41.70  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 136.144.41.70   tcp dpt:465
DROP  tcp opt -- in !lo out *  136.144.41.70  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 136.144.41.70   tcp dpt:587
DROP  tcp opt -- in !lo out *  195.133.40.41  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 195.133.40.41   tcp dpt:25
DROP  tcp opt -- in !lo out *  195.133.40.41  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 195.133.40.41   tcp dpt:465
DROP  tcp opt -- in !lo out *  195.133.40.41  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 195.133.40.41   tcp dpt:587
DROP  tcp opt -- in !lo out *  45.144.225.206  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.144.225.206   tcp dpt:25
DROP  tcp opt -- in !lo out *  45.144.225.206  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.144.225.206   tcp dpt:465
DROP  tcp opt -- in !lo out *  45.144.225.206  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.144.225.206   tcp dpt:587
DROP  tcp opt -- in !lo out *  31.210.21.82  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.82   tcp dpt:25
DROP  tcp opt -- in !lo out *  31.210.21.82  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.82   tcp dpt:465
DROP  tcp opt -- in !lo out *  31.210.21.82  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.82   tcp dpt:587
DROP  tcp opt -- in !lo out *  195.133.40.31  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 195.133.40.31   tcp dpt:25
DROP  tcp opt -- in !lo out *  195.133.40.31  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 195.133.40.31   tcp dpt:465
DROP  tcp opt -- in !lo out *  195.133.40.31  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 195.133.40.31   tcp dpt:587
DROP  tcp opt -- in !lo out *  31.210.20.41  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.41   tcp dpt:25
DROP  tcp opt -- in !lo out *  31.210.20.41  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.41   tcp dpt:465
DROP  tcp opt -- in !lo out *  31.210.20.41  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.41   tcp dpt:587
DROP  tcp opt -- in !lo out *  45.133.1.192  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.192   tcp dpt:25
DROP  tcp opt -- in !lo out *  45.133.1.192  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.192   tcp dpt:465
DROP  tcp opt -- in !lo out *  45.133.1.192  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.192   tcp dpt:587
DROP  tcp opt -- in !lo out *  45.144.225.205  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.144.225.205   tcp dpt:25
DROP  tcp opt -- in !lo out *  45.144.225.205  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.144.225.205   tcp dpt:465
DROP  tcp opt -- in !lo out *  45.144.225.205  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.144.225.205   tcp dpt:587
DROP  tcp opt -- in !lo out *  31.210.21.24  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.24   tcp dpt:25
DROP  tcp opt -- in !lo out *  31.210.21.24  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.24   tcp dpt:465
DROP  tcp opt -- in !lo out *  31.210.21.24  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.24   tcp dpt:587
DROP  tcp opt -- in !lo out *  45.133.1.127  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.127   tcp dpt:25
DROP  tcp opt -- in !lo out *  45.133.1.127  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.127   tcp dpt:465
DROP  tcp opt -- in !lo out *  45.133.1.127  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.127   tcp dpt:587
DROP  tcp opt -- in !lo out *  45.133.1.50  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.50   tcp dpt:25
DROP  tcp opt -- in !lo out *  45.133.1.50  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.50   tcp dpt:465
DROP  tcp opt -- in !lo out *  45.133.1.50  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.50   tcp dpt:587
DROP  tcp opt -- in !lo out *  31.210.21.43  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.43   tcp dpt:25
DROP  tcp opt -- in !lo out *  31.210.21.43  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.43   tcp dpt:465
DROP  tcp opt -- in !lo out *  31.210.21.43  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.43   tcp dpt:587
DROP  tcp opt -- in !lo out *  31.210.21.62  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.62   tcp dpt:25
DROP  tcp opt -- in !lo out *  31.210.21.62  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.62   tcp dpt:465
DROP  tcp opt -- in !lo out *  31.210.21.62  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.21.62   tcp dpt:587
DROP  tcp opt -- in !lo out *  45.144.225.204  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.144.225.204   tcp dpt:25
DROP  tcp opt -- in !lo out *  45.144.225.204  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.144.225.204   tcp dpt:465
DROP  tcp opt -- in !lo out *  45.144.225.204  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.144.225.204   tcp dpt:587
DROP  tcp opt -- in !lo out *  195.133.40.63  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 195.133.40.63   tcp dpt:25
DROP  tcp opt -- in !lo out *  195.133.40.63  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 195.133.40.63   tcp dpt:465
DROP  tcp opt -- in !lo out *  195.133.40.63  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 195.133.40.63   tcp dpt:587
DROP  tcp opt -- in !lo out *  45.133.1.58  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.58   tcp dpt:25
DROP  tcp opt -- in !lo out *  45.133.1.58  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.58   tcp dpt:465
DROP  tcp opt -- in !lo out *  45.133.1.58  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.58   tcp dpt:587
DROP  tcp opt -- in !lo out *  136.144.41.132  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 136.144.41.132   tcp dpt:25
DROP  tcp opt -- in !lo out *  136.144.41.132  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 136.144.41.132   tcp dpt:465
DROP  tcp opt -- in !lo out *  136.144.41.132  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 136.144.41.132   tcp dpt:587
DROP  tcp opt -- in !lo out *  31.210.20.54  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.54   tcp dpt:25
DROP  tcp opt -- in !lo out *  31.210.20.54  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.54   tcp dpt:465
DROP  tcp opt -- in !lo out *  31.210.20.54  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 31.210.20.54   tcp dpt:587
DROP  tcp opt -- in !lo out *  45.133.1.214  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.214   tcp dpt:25
DROP  tcp opt -- in !lo out *  45.133.1.214  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.214   tcp dpt:465
DROP  tcp opt -- in !lo out *  45.133.1.214  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.133.1.214   tcp dpt:587
DROP  tcp opt -- in !lo out *  37.0.10.4  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 37.0.10.4   tcp dpt:25
DROP  tcp opt -- in !lo out *  37.0.10.4  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 37.0.10.4   tcp dpt:465
DROP  tcp opt -- in !lo out *  37.0.10.4  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 37.0.10.4   tcp dpt:587
DROP  tcp opt -- in !lo out *  45.9.20.15  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.9.20.15   tcp dpt:25
DROP  tcp opt -- in !lo out *  45.9.20.15  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.9.20.15   tcp dpt:465
DROP  tcp opt -- in !lo out *  45.9.20.15  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.9.20.15   tcp dpt:587
DROP  tcp opt -- in !lo out *  193.56.29.219  -> 0.0.0.0/0   tcp dpt:25
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 193.56.29.219   tcp dpt:25
DROP  tcp opt -- in !lo out *  193.56.29.219  -> 0.0.0.0/0   tcp dpt:465
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 193.56.29.219   tcp dpt:465
DROP  tcp opt -- in !lo out *  193.56.29.219  -> 0.0.0.0/0   tcp dpt:587
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 193.56.29.219   tcp dpt:587
DROP  tcp opt -- in !lo out *  23.148.145.71  -> 0.0.0.0/0   tcp dpt:20
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 23.148.145.71   tcp dpt:20
DROP  tcp opt -- in !lo out *  23.148.145.71  -> 0.0.0.0/0   tcp dpt:21
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 23.148.145.71   tcp dpt:21
DROP  tcp opt -- in !lo out *  45.155.204.190  -> 0.0.0.0/0   tcp dpt:110
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.155.204.190   tcp dpt:110
DROP  tcp opt -- in !lo out *  45.155.204.190  -> 0.0.0.0/0   tcp dpt:143
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.155.204.190   tcp dpt:143
DROP  tcp opt -- in !lo out *  45.155.204.190  -> 0.0.0.0/0   tcp dpt:993
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.155.204.190   tcp dpt:993
DROP  tcp opt -- in !lo out *  45.155.204.190  -> 0.0.0.0/0   tcp dpt:995
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 45.155.204.190   tcp dpt:995
ACCEPT  all opt -- in !lo out *  10.1.1.147  -> 0.0.0.0/0 
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 10.1.1.147 
csf: IPSET creating set chain_ALLOW
csf: IPSET creating set chain_6_ALLOW
csf: FASTSTART loading csf.allow (IPv4)
csf: FASTSTART loading csf.allow (IPv6)
csf: FASTSTART loading csf.allow (IPSET)
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   icmptype 8 limit: avg 1/sec burst 5
LOGDROPIN  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   icmptype 8
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0 
ACCEPT  icmp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0 
ACCEPT  icmpv6 opt    in !lo out *  ::/0  -> ::/0 
ACCEPT  icmpv6 opt    in * out !lo  ::/0  -> ::/0 
ACCEPT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   ctstate RELATED,ESTABLISHED
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   ctstate RELATED,ESTABLISHED
ACCEPT  all opt    in !lo out *  ::/0  -> ::/0   ctstate RELATED,ESTABLISHED
ACCEPT  all opt    in * out !lo  ::/0  -> ::/0   ctstate RELATED,ESTABLISHED
csf: FASTSTART loading TCP_IN (IPv4)
csf: FASTSTART loading TCP6_IN (IPv6)
csf: FASTSTART loading TCP_OUT (IPv4)
csf: FASTSTART loading TCP6_OUT (IPv6)
csf: FASTSTART loading UDP_IN (IPv4)
csf: FASTSTART loading UDP6_IN (IPv6)
csf: FASTSTART loading UDP_OUT (IPv4)
csf: FASTSTART loading UDP6_OUT (IPv6)
ACCEPT  all opt -- in lo out *  0.0.0.0/0  -> 0.0.0.0/0 
ACCEPT  all opt -- in * out lo  0.0.0.0/0  -> 0.0.0.0/0 
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0 
LOGDROPIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0 
ACCEPT  all opt    in lo out *  ::/0  -> ::/0 
ACCEPT  all opt    in * out lo  ::/0  -> ::/0 
LOGDROPOUT  all opt    in * out !lo  ::/0  -> ::/0 
LOGDROPIN  all opt    in !lo out *  ::/0  -> ::/0 
SMTPOUTPUT  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0 
SMTPOUTPUT  all opt    in * out *  ::/0  -> ::/0 
csf: FASTSTART loading SMTP Block (IPv4)
csf: FASTSTART loading SMTP Block (IPv6)
csf: FASTSTART loading DNS (IPv4)
csf: FASTSTART loading DNS (IPv6)

Please tell me what happened and how can I fix it quickly? Possibly what to put here to make everything work again as it should.

Richard G · Sep 12, 2021

pietrek said:
I have the following entries:

That's just the startup of the firewall.

What has happened, is that probably for some reason, an ip got blocked.
If you're working on a lan, it could be your external (so your internet) ip, or an internal ip or some other ip you are using for FTP.

Check if this is some ip which belongs to you:

Code:

DROP  tcp opt -- in !lo out *  23.148.145.71  -> 0.0.0.0/0   tcp dpt:21
LOGDROPOUT  tcp opt -- in * out !lo  0.0.0.0/0  -> 23.148.145.71   tcp dpt:21

Also check /var/log/lfd.log if you see any port 21 or FTP entry's there too and the reason for it.

Also check the Directadmin blacklist just to be sure.

pietrek · Sep 12, 2021

I checked and none of the IP addresses belong to me.
With the firewall on, access to each service is blocked. Nothing works. Saving the configuration again does nothing.

Richard G · Sep 12, 2021

Try what happens if you delete all blocks from the firewall like this:

csf -df
csf -tf

Then check if FTP works.

I presume all other things except FTP work with firewall enabled.
Check ports 20 and 21 and some pasv ports are opened in the firewall, incoming and outgoing and that the FTP forward in the router is still correct.

Richard G · Sep 12, 2021

pietrek said:
access to each service is blocked.

Oh wait... just seen this. So nothing works? Not even webservice and such?
That is odd. Did you do any customization before in csf.conf by using local LAN ip adresses?

Since I see this:
ACCEPT all opt -- in !lo out * 10.1.1.147 -> 0.0.0.0/0
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 10.1.1.147

Not sure if that is a good one, however, I never used DA on LAN.

So you can test with multiple ip's or also from outside? If you want you can pm me your ip and have the firewall on and I could have a look if something is reachable.

pietrek · Sep 13, 2021

I don't know what was wrong but it looks like the lock was triggered temporarily. Because at 10 p.m. everything was back to normal without my intervention.

Richard G · Sep 13, 2021

Thats why I suggested the csf -tf command, to clear the temp blocks.

If that did not help, and after 10 pm everything was back to normal, then it indeed might be a DA block.

I presumed you had a look at the DA blacklist as I suggested in my first answer. But it seems you didn't? Is that correct?
Odd though, because then it should have worked either when firewall was disabled if I'm not mistaken.

Firewall problem

pietrek

Verified User

Richard G

Verified User

pietrek

Verified User

Richard G

Verified User

Richard G

Verified User

pietrek

Verified User

Richard G

Verified User