Host Access Control, rules dont load - nftables removed, iptables installed

[kszadkowski]

I am in the process of preparing a new cPanel server onn Alma Linux 8.5. I ran into a little problem while setting up the firewall.

Since I decided to use CSF (I've always used it), I removed nftables and installed iptables. CSF works fine, but unfortunately the rules in Host Access Control are not loading. Am I able to make HAC work with iptables?

 

[cPRex]

Hey there! Do you see anything in /usr/local/cpanel/logs/error_log when that doesn't load? Does it load normally when you switch back to nftables?

 

[kszadkowski]

There is nothing about HAC in error log.


Yes, it works.

#yum remove iptables
#yum install nftables
> restart

As you can see in the screenshot. Rules load in milliseconds (cleared rules, so it's empty). Obviously the CSF has stopped working.

There is one more possibility. With iptables installed but without nftables removing, both HAC and CSF work.
The question is, is it possible and will there be any conflicts between nftables and iptables?

 

[cPRex]

Thanks for the additional details. According to our guide here:

How to Configure Your Firewall for cPanel & WHM Services | cPanel & WHM Documentation

This document lists the ports that cPanel & WHM uses, and which services use each of these ports, to allow you to better configure your firewall.

docs.cpanel.net

we say this:

"We recommend the nftables utility for servers that run CentOS 8 or CloudLinux 8. For servers that run CentOS 7, CloudLinux 7, or RHEL 7, we recommend that you use the firewalld utility. For more information, read Red Hat’s When to use firewalld, nftables, or iptables documentation."

so it would be best to continue with nftables if possible.

I do see many threads discussing compatibility issues between CSF and NFTables, so it would be best to reach out to them directly at Technical Support for an authoritative answer regarding that tool.