when i restart CSF display this error: Error: iptables command [/sbin/iptables -v -I

[polkocholo]

I have a problem in csf

when i Flush all blocks display this error: You have an unresolved error when starting csf. You need to restart csf successfully to remove this warning

when i restart CSF display this error: Error: iptables command [/sbin/iptables -v -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT] failed, at line 579


i can't restart or start CSF but display error

pooyan
Junior Member

Posts: 1
Joined: Wed May 04, 2011 11:48 am

[cPanelTristan]

You'll have to remove that line from iptables if that exists outside of CSF itself. First, save the existing iptables rules:

Code:

/sbin/iptables-save > /root/iptables-saved

After saving the rules, grep for the OUTPUT chain rules for port 25:

Code:

/sbin/iptables -n -L OUTPUT --line-number | grep 25

Once you find out the line number for the spurious rule, then remove it:

Code:

iptables -D OUTPUT line#

Please replace line# with the line number for the bad rule in the OUTPUT chain.

If you are unable to find the line, please paste the full contents of the OUTPUT line here for us to see it.

If it ends up that CSF has the bad rule rather than iptables, you'll need to move your existing CSF installation and install a new copy to bypass the bad configuration that appears to have been set.

[polkocholo]

root@server40 [~]# /sbin/iptables-save
# Generated by iptables-save v1.3.5 on Wed May 4 22:08:36 2011
*mangle
:PREROUTING ACCEPT [1015471:88090799]
:INPUT ACCEPT [1015198:88045115]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [863083:1620865683]
:POSTROUTING ACCEPT [863098:1620869080]
COMMIT
# Completed on Wed May 4 22:08:36 2011
# Generated by iptables-save v1.3.5 on Wed May 4 22:08:36 2011
*filter
:INPUT ACCEPT [117958:8906340]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [97052:211675521]
COMMIT
# Completed on Wed May 4 22:08:36 2011
root@server40 [~]# /sbin/iptables -n -L OUTPUT --line-number | grep 25
root@server40 [~]# iptables -D OUTPUT 579
iptables: Index of deletion too big

[cPanelTristan]

Line 579 is not the iptables line number. That is the line in the CSF script reporting the error to be unable to process a start / enable for CSF.

Is iptables even online at this time or stopped / flushed? It seems it doesn't have any rules at all. You need to bring iptables itself back online with "service iptables start" to load the existing rules, recheck for the "/sbin/iptables -n -L OUTPUT --line-number | grep 25" rule and then delete by the actual line number it reports if you get any return.

If it doesn't report anything again, then it isn't iptables rules but something in the CSF configuration files and you'd need to get a new copy of CSF after moving the existing copy.

Thanks.

[polkocholo]

Thank you dear!

when i restart CSF in end of page display this error:
[ OK ]
Starting lfd:
Error: You have an unresolved error when starting csf. You need to restart csf successfully before starting lfd
[ OK ]

and in csf page display this: Firewall Status: Enabled but Stopped
but i can;t start CSF because display this error: Error: iptables command [/sbin/iptables -v -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT] failed, at line 579

could you please help me
very thanks
regards

[cPanelTristan]

I've already provided the steps to help above. As I've mentioned, if the CSF configuration is the cause for the error rather than iptables, you need to move the existing CSF installation and install a new copy. In fact, you could just download a new copy and use that to uninstall the old one:

Code:

cp -R /etc/csf /etc/csf.bak
wget http://configserver.com/free/csf.tgz
tar xzf csf.tgz
cd csf && ./uninstall.sh

After that, then install CSF again:

Code:

./install.cpanel.sh

If the issue still persists at that point, please contact CSF for further assistance, since CSF is a third-party product that is provided by ConfigServer Security & Firewall. Their support forum is at the following location:

ConfigServer Scripts Forum • Index page

[fcitrolo]

I am also having this same issue this morning which I cannot resolve.

[Infopro]

I am also having this same issue this morning which I cannot resolve.

Just out of curiosity, have you made any changes recently to the firewall config files? If no, but you did add an IP to the Quick Deny or Quick Allow, and now it won't start can you go back into the Firewall Deny IPs list (if you added an IP there) and either remove the last entry, or, just copy the entire list to a text file somewhere and empty the Deny IPs list and then save. Does it allow you to save and start then?

[fcitrolo]

The error started at 4:30am when csf updated.

I also want to add that I uninstalled csf and reinstalled it.

I did not get an error at the start but once I configured csf to my liking it gave the error again.

This is the only server of our seven that is giving the error and the firewalls are identical.

:stumped

[Infopro]

I did not get an error at the start but once I configured csf to my liking it gave the error again.

Thats what I'm wondering, if you edited something. Sounds like you did, and whatever it was you typed it in incorrectly.

[cPanelTristan]

Please post on the CSF forum about the issue:

ConfigServer Scripts Forum • Index page

cPanel does not provide CSF and LFD, and if two people are receiving the same error on their script, they would want to know about it and likely already know the resolution on what was added to cause it.

[fcitrolo]

Quite possibly but I edited the configuration through the whm interface.

I am going to try uninstalling and reinstalling after lunch and then just configure the ports only.

I will keep you up to date.

[fcitrolo]

I seem to have found the issue:

The error is given when SMTP_BLOCK = is activated.

The server never had an issue before upgrading to v5.22

Hope it helps someone else.

[cPanelTristan]

Great to hear that you found the reason! Will you be contacting CSF about the issue? So far, it doesn't seem anyone who is using CSF and getting this error has gone to the CSF forum or support avenues to discuss this with them.

[fcitrolo]

Indeed, I had replied to another post with the same error number but I have opened a new thread regarding the issue:

ConfigServer Scripts Forum • View topic - Error: iptables command [/sbin/iptables -v -I OUTPUT -p tcp