The Community Forums

Interact with an entire community of cPanel & WHM users!

iptables flushing / csf restarting

Discussion in 'General Discussion' started by verdon, Aug 28, 2006.

  1. verdon

    verdon Well-Known Member

    Joined:
    Nov 1, 2003
    Messages:
    836
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Northern Ontario, Canada
    cPanel Access Level:
    Root Administrator
    A couple days ago, my server seemed to crash while re-starting csf. I had to get my DC to disable the firewall and re-boot from console. Since then, although csf and lfd seem to be running OK and are configured correctly, it seems as if something is causing iptables to flush appx every 5 minutes.

    I'm not really sure where to look... I don't see anything obvious in the root cron. CSF is not in test mode.

    But when I check the lfd log I get entries like:

    Mon Aug 28 12:50:29 2006 lfd: iptables appears to have been flushed, running *csf startup*
    Mon Aug 28 12:54:45 2006 lfd: iptables appears to have been flushed, running *csf startup*

    When I do cfs status I get nothing

    When I run a csf report I get

    Generated Monday August 28 13:25:25 EDT 2006 by root.
    0 of 3844 entries in the file "/var/log/messages" are packet logs, 0 have unique characteristics.
    No valid time entries found.
    All entries were logged by the same host: "".
    All entries are from the same chain: "".
    All entries have the same target: "".
    All entries are from the same interface: "".

    # start end interval proto source port destination port opts

    Any thoughts?

    Thanks,
     
  2. darkkouta

    darkkouta Well-Known Member

    Joined:
    May 12, 2006
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    #2 darkkouta, Aug 28, 2006
    Last edited: Aug 28, 2006
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    No need to reinstall.

    They've probably stuck in a cron job to flush iptables (unless TESTING is enabled in csf.conf). Have a check for such a job in /etc/crontab, /etc/cron.d/ or in the root crontab (crontab -e).

    If you're running a VPS, the most likely reason for it to hang is that you've run out of memory allocated to iptables by the host server. If that's the case it's probably best not to use the block lists (DSHIELD SPAMHAUS) if you're using them.
     
  4. verdon

    Hi,

    That's what I thought too. I did check those locations and just checked them again. I don't see anything that looks likely though. I also re-installed csf just in case, but that didn't make any difference. I'm on a dedicated and not a vps and am not using the block lists.

    Thanks for the suggestions though :)

    /etc/crontab includes
    # run-parts
    01 * * * * root run-parts /etc/cron.hourly
    02 4 * * * root run-parts /etc/cron.daily
    22 4 * * 0 root run-parts /etc/cron.weekly
    42 4 1 * * root run-parts /etc/cron.monthly

    /etc/cron.d has one file
    mscpanel.sh
    which contains
    */10 * * * * root perl /usr/mscpanel/msbe.pl > /dev/null 2>&1
    10 1 * * * root perl /usr/mscpanel/mssql.pl > /dev/null 2>&1

    # crontab -l
    0 8 * * * /usr/bin/rules_du_jour > /dev/null 2>&1
    0 0 * * * perl /usr/mscpanel/mscpanel.pl > /dev/null 2>&1
    9 0 * * * /usr/bin/yum -y update >/dev/null 2>&1
    */15 * * * * /usr/local/cpanel/whostmgr/bin/dnsqueue > /dev/null 2>&1
    30 5 * * * /usr/local/bin/rkhunter -c --cronjob
    15 1 * * * /scripts/upcp
    0 1 * * * /scripts/cpbackup
    2,58 * * * * /usr/local/bandmin/bandmin
    0 0 * * * /usr/local/bandmin/ipaddrmap
    0 4 * * 0,1,3,5 /scripts/ftpbackup.sh
    30 4 * * 0,1,3,5 /scripts/ftpbackupdirs.sh
    40 4 * * 0,1,3,5 /scripts/ftpbackupfiles.sh
    59 22 * * * /usr/local/cpanel/whostmgr/docroot/cgi/cpaddons_report.pl --notify
    0 6 * * * /scripts/exim_tidydb > /dev/null 2>&1
    */5 * * * * /usr/local/cpanel/bin/dcpumon >/dev/null 2>&1
     
  5. kigoobe

    kigoobe Member

    Joined:
    Sep 29, 2006
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Isn't it coming from firewall installation directly? I have just installed APF and the confirmation message that I got reads
    Code:
    root@xxx [/etc/apf]# /usr/local/sbin/apf -r
    Development mode enabled!; firewall will flush every 5 minutes.
    
    I have just found this ... there is something called DEVEL_MODE at the top, set to 1. This should be set to 0 once everything is fine. That should fix this 5 minutes flushing problem.
     
    #5 kigoobe, Sep 29, 2006
    Last edited: Sep 29, 2006
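
The checks suggested in the two replies above (cron locations, csf's TESTING and APF's DEVEL_MODE), as an added shell example that is not part of the original thread. The function names, the optional root-prefix argument, the AUDIT_ROOT variable and the match pattern are assumptions made for this sketch, and /var/spool/cron/ is assumed as the per-user crontab directory (RHEL-family layout).

```shell
#!/bin/sh
# Added example (not from the thread): audit the places named above for
# anything that flushes iptables. ROOT is an optional prefix so the checks can
# be pointed at a copy of a filesystem; empty means the live system.

# Assumed pattern list: direct flushes plus csf/apf stop, disable and restart.
FLUSH_RE='^[^#]*(iptables(-restore| .*(-F|--flush))|csf +-[fxr]|apf +(-f|-r|--flush))'

# Print file:line:text for every cron entry or cron script line that matches.
find_flush_jobs() {
    root=${1:-}
    # /var/spool/cron/ is where RHEL-family systems keep per-user crontabs.
    for f in "$root/etc/crontab" "$root"/etc/cron.d/* "$root"/etc/cron.hourly/* \
             "$root"/etc/cron.daily/* "$root"/var/spool/cron/*; do
        [ -f "$f" ] || continue
        grep -nE -- "$FLUSH_RE" "$f" /dev/null 2>/dev/null || true
    done
}

# Print any csf TESTING or APF DEVEL_MODE setting that is switched on.
test_mode_flags() {
    root=${1:-}
    for f in "$root/etc/csf/csf.conf" "$root/etc/apf/conf.apf"; do
        [ -f "$f" ] || continue
        grep -nE '^[[:space:]]*(TESTING|DEVEL_MODE)[[:space:]]*=[[:space:]]*"?1"?' \
            "$f" /dev/null 2>/dev/null || true
    done
}

# Count lfd's own record of flushes, to confirm whether a fix has stopped them.
count_flush_events() {
    log=${1:-/var/log/lfd.log}
    [ -f "$log" ] || { echo 0; return 0; }
    grep -c 'iptables appears to have been flushed' "$log" || true
}

find_flush_jobs "${AUDIT_ROOT:-}"
test_mode_flags "${AUDIT_ROOT:-}"
echo "flush events logged by lfd: $(count_flush_events "${AUDIT_ROOT:-}/var/log/lfd.log")"
```

Empty output from the first two functions only rules out direct calls; a script launched from cron can still flush the rules from inside its own code, so anything unfamiliar in the listing needs reading separately.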
  6. chirpy

    This is for csf not APF. IIRC, verdon's problem was unrelated to cron jobs.
     
  7. verdon

    Yes, I should have posted back here as a conclusion...

    My problems were with a corruption of iptables libraries and my DC just disabling them without explanation (I'm not happy about that, a quick note would have been nice). Still not sure what caused it to happen in the first place, but updating my kernel and re-installing iptables did the job.
     