It seems that I have some missing IP Table modules on my Centos 5.9 VPS.
CSF first alerted me to this issue since it returned the error: "CSF will function on this server but some features will not work due to some missing iptables modules" (see below).
I am unable to set SMTP Restrictions to "Enable" in: Home » Security Center » SMTP Restrictions.
The error is "An error occurred attempting to update this setting", which I think may be related.
I also am unable to run CSF with anything higher than the Low setting, and when I click the "Test IP Tables", I get the following output:
I bought this up with my hosting partner who said:
"Our mini-servers do not allow module loading, but do have IPtables modules compiled directly into the kernel. The fix for this issue is to upgrade the iptables binary to a newer version. This can be done by recompiling the iptables package from source."
They also suggested upgrading to Centos 6, which I don't want to do right now, especially since the EOL date for Centos 5 is August 31, 2017. Seems a bit of a knee-jerk reaction!
I am not entirely sure how I would go about "recompiling the iptables package", but I understand that this process could be risky since it has the potential to lock me out! I have downloaded iptables-1.3.5-9.2.el5_8.i386 which is correct for my Centos version.
shows I am already running iptables v1.3.5.
The following code I found on a different post seems to show a list of loaded IP Tables on my server:
Could someone outline the steps needed to reinstall IP Tables or at least point me in the right direction?
CSF first alerted me to this issue since it returned the error: "CSF will function on this server but some features will not work due to some missing iptables modules" (see below).
I am unable to set SMTP Restrictions to "Enable" in: Home » Security Center » SMTP Restrictions.
The error is "An error occurred attempting to update this setting", which I think may be related.
I also am unable to run CSF with anything higher than the Low setting, and when I click the "Test IP Tables", I get the following output:
Code:
Testing iptables...
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...FAILED [Error: iptables: Unknown error 4294967295] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: iptables: Unknown error 4294967295] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf will function on this server but some features will not work due to some missing iptables modules [2]"Our mini-servers do not allow module loading, but do have IPtables modules compiled directly into the kernel. The fix for this issue is to upgrade the iptables binary to a newer version. This can be done by recompiling the iptables package from source."
They also suggested upgrading to Centos 6, which I don't want to do right now, especially since the EOL date for Centos 5 is August 31, 2017. Seems a bit of a knee-jerk reaction!
I am not entirely sure how I would go about "recompiling the iptables package", but I understand that this process could be risky since it has the potential to lock me out! I have downloaded iptables-1.3.5-9.2.el5_8.i386 which is correct for my Centos version.
Code:
iptables -VThe following code I found on a different post seems to show a list of loaded IP Tables on my server:
Code:
cat /proc/net/ip_tables_matches
u32
time
string
statistic
state
realm
rateest
quota
pkttype
owner
mac
limit
helper
devgroup
cpu
conntrack
conntrack
conntrack
connlimit
connlimit
connbytes
comment
cluster
addrtype
connmark
mark
ecn
ah
icmp
tcpmss
socket
socket
sctp
recent
policy
osf
multiport
length
iprange
ttl
hashlimit
esp
tos
dscp
dccp
addrtype
set
set
udplite
udp
tcp
Last edited:
