csf iptables problem

[Haloweb]

Hi Everyone

I am installing csf however I get the following iptable error, please can someone tell me what it means

Error: iptables command [/sbin/iptables -v -I OUTPUT 2 -i eth0 -j GDENY] failed, at line 383

 

[mctDarren]

Is iptables installed in the kernel? Is this a VPS? OS you are running?

 

[Haloweb]

Hi

Its a dedicated box not a VPS and it seems like IP tables is installed
I can start and stop it and perform the various other commands, I am
running AMD 64 Athlon 3200 CentOS 4 OS

 

[Haloweb]

well I thought the problem was more IP tables / cpanel realted rather than
chirpys script hence I asked here

 

[brianoz]

It's pretty pointless asking here, you need to ask the author of csf, chirpy.

 

[chirpy]

Indeed. I've been tied up until now and it's quicker to comtact me directly if you find a problem. It's a bug in the script and will be fixed in the next release due out today.

 

[jimmshepard]

Same Problem

Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
ACCEPT all opt -- in lo out * 0.0.0.0/0 -> 0.0.0.0/0
ACCEPT all opt -- in * out lo 0.0.0.0/0 -> 0.0.0.0/0
LOG tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
LOG tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_OUT Blocked* '
LOG udp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
LOG udp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
LOG icmp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DROP all opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 state INVALID
DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x3F/0x00
DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x03/0x03
DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x06/0x06
DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x05/0x05
DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x11/0x01
DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x18/0x08
DROP tcp opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x30/0x20
DROP all opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 state INVALID
DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x3F/0x00
DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x03/0x03
DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x06/0x06
DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x05/0x05
DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x11/0x01
DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x18/0x08
DROP tcp opt -- in * out venet0 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x30/0x20
DSHIELD all opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0
SPAMHAUS all opt -- in venet0 out * 0.0.0.0/0 -> 0.0.0.0/0
REJECT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:25 reject-with icmp-port-unreachable
iptables: No chain/target/match by that name
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:25 OWNER UID match 0
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `DSHIELD'
Flushing chain `LOGDROP'
Flushing chain `SPAMHAUS'
Deleting chain `DSHIELD'
Deleting chain `LOGDROP'
Deleting chain `SPAMHAUS'
Error: iptables command [/sbin/iptables -v -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT] failed, at line 469


...Done

 

[chirpy]

No, that's a different problem - it suggest you don't have all the required iptables modules available in your kernel.