Host Access Control, rules dont load - nftables removed, iptables installed

kszadkowski

Member
Sep 30, 2014
13
0
51
cPanel Access Level
Root Administrator
I am in the process of preparing a new cPanel server onn Alma Linux 8.5. I ran into a little problem while setting up the firewall.

Since I decided to use CSF (I've always used it), I removed nftables and installed iptables. CSF works fine, but unfortunately the rules in Host Access Control are not loading. Am I able to make HAC work with iptables?
 

Attachments

kszadkowski

Member
Sep 30, 2014
13
0
51
cPanel Access Level
Root Administrator
There is nothing about HAC in error log.


Yes, it works.

#yum remove iptables
#yum install nftables
> restart

As you can see in the screenshot. Rules load in milliseconds (cleared rules, so it's empty). Obviously the CSF has stopped working.

There is one more possibility. With iptables installed but without nftables removing, both HAC and CSF work.
The question is, is it possible and will there be any conflicts between nftables and iptables?
 

Attachments

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
10,360
1,632
363
cPanel Access Level
Root Administrator
Thanks for the additional details. According to our guide here:


we say this:

"We recommend the nftables utility for servers that run CentOS 8 or CloudLinux 8. For servers that run CentOS 7, CloudLinux 7, or RHEL 7, we recommend that you use the firewalld utility. For more information, read Red Hat’s When to use firewalld, nftables, or iptables documentation."

so it would be best to continue with nftables if possible.

I do see many threads discussing compatibility issues between CSF and NFTables, so it would be best to reach out to them directly at Technical Support for an authoritative answer regarding that tool.