The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disable CSF / iptables

Discussion in 'General Discussion' started by elenlace, Jan 31, 2007.

  1. elenlace

    elenlace Well-Known Member

    Joined:
    Sep 10, 2002
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    US
    Hi,

    I was wondering if anyone knows if it is possible to remove / disable iptables and just the firewall part of CSF. I like CSF very much but I have been having reocurring problems on most of my servers these past few weeks as suddenly some ports become unaccesible, is a random thing and nothing particular shows up in the logs, it seems under a very minor port scanning iptables goes crazy and disables ports such as 22 (SSH), 2082, 2095 and 2086-2087 (cpanel, webmail, WHM).

    I know iptables is the culprit as yesterday one of my servers had ports 21,25,80,110 working fine but all the other mentioned ports were inaccesible, a tech at my DC went in, turned down iptables and suddenly all ports were available.

    I want to go back to APF for firewall and just keep CSF for the brute attack protection and some other features (connections monitoring, process monitoring, etc).

    Any help is greatly appreciated (Chirpy maybe? :=)

    Warmest Regards
     
  2. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    CSF and APF are only front-ends to iptables. They are scripts that feed it rules. iptables is the firewall, if you disable it then APF will not work. If a tech at your DC actually turned OFF iptables it might be time to find a new DC. If they just flushed it out then you need to find why and what is adding those ports to the firewall.

    Do you have portsentry installed on the box perhaps?
     
Loading...

Share This Page