The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CSF strange lines when starting and strange working.

Discussion in 'Security' started by Bidi, Aug 26, 2014.

  1. Bidi

    Bidi Well-Known Member

    Joined:
    Oct 3, 2012
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Romania, Transilvania
    cPanel Access Level:
    DataCenter Provider
    Hy there guys i got some strange thinks when i start CSF it shows this

    Code:
    LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* ' 
    LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *TCP_OUT Blocked* ' 
    LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* ' 
    LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *UDP_OUT Blocked* ' 
    LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* ' 
    LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *ICMP_OUT Blocked* ' 
    LOG  tcp opt    in * out *  ::/0  -> ::/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP6IN Blocked* ' 
    LOG  tcp opt    in * out *  ::/0  -> ::/0  tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *TCP6OUT Blocked* ' 
    LOG  udp opt    in * out *  ::/0  -> ::/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP6IN Blocked* ' 
    LOG  udp opt    in * out *  ::/0  -> ::/0  limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *UDP6OUT Blocked* ' 
    LOG  icmpv6 opt    in * out *  ::/0  -> ::/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP6IN Blocked* ' 
    LOG  icmpv6 opt    in * out *  ::/0  -> ::/0  limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *ICMP6OUT Blocked* ' 
    And more but those ones i recognize them but this ones i dont i dont remember adding this tipes of thinks in the csf .

    And i see it long time ago but i was thinking is from csf. But the strange think is this.

    My server location is: Romania and some days i see there is not posible to make external connections to server, i get alert from pingdom theath is down, i try with proxy, with CyberGhost 5 i ask friends from other countrys and nothink this for 30 min after is back but in the same time me or anyone from Romania ( Server location ) is able to acces the server or the websites.

    The think is i changed the datacenter and since i change it i have this thinks they was telling me is an attack and they have some sort of profesional firewall switch witch if an incoming traffic bigger then 1GBps it will close all the external connextions :| but i dont belive it because in one they from iptables or somewhere i changed the 30minutes to 5 and was making just 5 minutes like not external connextions.

    Tnx guys and please give me an ideea about this.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    To clarify, you are simply curious to know if custom rules were added by CSF itself, or by your data center? Note that CSF is a third-party application so you may want to ask this question on their forums:

    ConfigServer Community Forum - General Discussion (csf)

    Thank you.
     
  3. Bidi

    Bidi Well-Known Member

    Joined:
    Oct 3, 2012
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Romania, Transilvania
    cPanel Access Level:
    DataCenter Provider
    Hy Michael i know CSF is a thid-party aplication but when i got a problem on cPanel i can trust and they allways there for you.

    I know those rulls they was added by the datacenter because before i was still using csf and when i was restarting it i never sow those rulls.

    The think is i was tryed to remove them but i dont fiind them any where i had even uninstalled csf and then reinstalled and still the same i dont know what those ruls ar doing if is got or bad and how to remove them or add them when i whant.
     
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    It's possible the rules were added with a version update of CSF. Most CSF installs update automatically. As a data center provider, we don't go around messing with peoples firewall rules other than to maybe whitelist our monitoring servers.

    I am not an iptables expert however those rules look associated with rate limiting on first glance; perhaps the sections for port scans, syn flood, or other protections in csf.conf should be checked. Unless you are using a file like /etc/csf/csfpre.sh or /etc/csf/csfpost.sh all of your iptables rules are generated according to the options set in the /etc/csf/csf.conf file, in conjunction with the csf.allow and csf.deny files.
     
    #4 quizknows, Aug 27, 2014
    Last edited: Aug 27, 2014
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You are able to Reset CSF to defaults (or choose a pre-configured csf.conf) from the Firewalls Profiles section of CSF.
     
Loading...

Share This Page