The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

when i restart CSF display this error: Error: iptables command [/sbin/iptables -v -I

Discussion in 'Security' started by polkocholo, May 4, 2011.

  1. polkocholo

    polkocholo Active Member

    Joined:
    Nov 22, 2010
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    I have a problem in csf

    when i Flush all blocks display this error: You have an unresolved error when starting csf. You need to restart csf successfully to remove this warning

    when i restart CSF display this error: Error: iptables command [/sbin/iptables -v -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT] failed, at line 579


    i can't restart or start CSF but display error

    pooyan
    Junior Member

    Posts: 1
    Joined: Wed May 04, 2011 11:48 am
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Re: when i restart CSF display this error: Error: iptables command [/sbin/iptables -v

    You'll have to remove that line from iptables if that exists outside of CSF itself. First, save the existing iptables rules:

    Code:
    /sbin/iptables-save > /root/iptables-saved
    After saving the rules, grep for the OUTPUT chain rules for port 25:

    Code:
    /sbin/iptables -n -L OUTPUT --line-number | grep 25
    Once you find out the line number for the spurious rule, then remove it:

    Code:
    iptables -D OUTPUT line#
    Please replace line# with the line number for the bad rule in the OUTPUT chain.

    If you are unable to find the line, please paste the full contents of the OUTPUT line here for us to see it.

    If it ends up that CSF has the bad rule rather than iptables, you'll need to move your existing CSF installation and install a new copy to bypass the bad configuration that appears to have been set.
     
  3. polkocholo

    polkocholo Active Member

    Joined:
    Nov 22, 2010
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    Re: when i restart CSF display this error: Error: iptables command [/sbin/iptables -v

    root@server40 [~]# /sbin/iptables-save
    # Generated by iptables-save v1.3.5 on Wed May 4 22:08:36 2011
    *mangle
    :PREROUTING ACCEPT [1015471:88090799]
    :INPUT ACCEPT [1015198:88045115]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [863083:1620865683]
    :POSTROUTING ACCEPT [863098:1620869080]
    COMMIT
    # Completed on Wed May 4 22:08:36 2011
    # Generated by iptables-save v1.3.5 on Wed May 4 22:08:36 2011
    *filter
    :INPUT ACCEPT [117958:8906340]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [97052:211675521]
    COMMIT
    # Completed on Wed May 4 22:08:36 2011
    root@server40 [~]# /sbin/iptables -n -L OUTPUT --line-number | grep 25
    root@server40 [~]# iptables -D OUTPUT 579
    iptables: Index of deletion too big
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Re: when i restart CSF display this error: Error: iptables command [/sbin/iptables -v

    Line 579 is not the iptables line number. That is the line in the CSF script reporting the error to be unable to process a start / enable for CSF.

    Is iptables even online at this time or stopped / flushed? It seems it doesn't have any rules at all. You need to bring iptables itself back online with "service iptables start" to load the existing rules, recheck for the "/sbin/iptables -n -L OUTPUT --line-number | grep 25" rule and then delete by the actual line number it reports if you get any return.

    If it doesn't report anything again, then it isn't iptables rules but something in the CSF configuration files and you'd need to get a new copy of CSF after moving the existing copy.

    Thanks.
     
  5. polkocholo

    polkocholo Active Member

    Joined:
    Nov 22, 2010
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    Re: when i restart CSF display this error: Error: iptables command [/sbin/iptables -v

    Thank you dear!

    when i restart CSF in end of page display this error:
    [ OK ]
    Starting lfd:
    Error: You have an unresolved error when starting csf. You need to restart csf successfully before starting lfd
    [ OK ]

    and in csf page display this: Firewall Status: Enabled but Stopped
    but i can;t start CSF because display this error: Error: iptables command [/sbin/iptables -v -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT] failed, at line 579

    could you please help me
    very thanks
    regards
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Re: when i restart CSF display this error: Error: iptables command [/sbin/iptables -v

    I've already provided the steps to help above. As I've mentioned, if the CSF configuration is the cause for the error rather than iptables, you need to move the existing CSF installation and install a new copy. In fact, you could just download a new copy and use that to uninstall the old one:

    Code:
    cp -R /etc/csf /etc/csf.bak
    wget http://configserver.com/free/csf.tgz
    tar xzf csf.tgz
    cd csf && ./uninstall.sh
    After that, then install CSF again:

    Code:
    ./install.cpanel.sh
    If the issue still persists at that point, please contact CSF for further assistance, since CSF is a third-party product that is provided by ConfigServer Security & Firewall. Their support forum is at the following location:

    ConfigServer Scripts Forum • Index page
     
  7. fcitrolo

    fcitrolo Active Member

    Joined:
    Dec 31, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Re: when i restart CSF display this error: Error: iptables command [/sbin/iptables -v

    I am also having this same issue this morning which I cannot resolve.
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,475
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Re: when i restart CSF display this error: Error: iptables command [/sbin/iptables -v

    Just out of curiosity, have you made any changes recently to the firewall config files? If no, but you did add an IP to the Quick Deny or Quick Allow, and now it won't start can you go back into the Firewall Deny IPs list (if you added an IP there) and either remove the last entry, or, just copy the entire list to a text file somewhere and empty the Deny IPs list and then save. Does it allow you to save and start then?
     
  9. fcitrolo

    fcitrolo Active Member

    Joined:
    Dec 31, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Re: when i restart CSF display this error: Error: iptables command [/sbin/iptables -v

    The error started at 4:30am when csf updated.

    I also want to add that I uninstalled csf and reinstalled it.

    I did not get an error at the start but once I configured csf to my liking it gave the error again.

    This is the only server of our seven that is giving the error and the firewalls are identical.

    :stumped
     
    #9 fcitrolo, May 18, 2011
    Last edited: May 18, 2011
  10. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,475
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Re: when i restart CSF display this error: Error: iptables command [/sbin/iptables -v


    Thats what I'm wondering, if you edited something. Sounds like you did, and whatever it was you typed it in incorrectly.
     
  11. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Re: when i restart CSF display this error: Error: iptables command [/sbin/iptables -v

    Please post on the CSF forum about the issue:

    ConfigServer Scripts Forum • Index page

    cPanel does not provide CSF and LFD, and if two people are receiving the same error on their script, they would want to know about it and likely already know the resolution on what was added to cause it.
     
  12. fcitrolo

    fcitrolo Active Member

    Joined:
    Dec 31, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Re: when i restart CSF display this error: Error: iptables command [/sbin/iptables -v

    Quite possibly but I edited the configuration through the whm interface.

    I am going to try uninstalling and reinstalling after lunch and then just configure the ports only.

    I will keep you up to date.
     
  13. fcitrolo

    fcitrolo Active Member

    Joined:
    Dec 31, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Re: when i restart CSF display this error: Error: iptables command [/sbin/iptables -v

    I seem to have found the issue:

    The error is given when SMTP_BLOCK = is activated.

    The server never had an issue before upgrading to v5.22

    Hope it helps someone else.
     
  14. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Re: when i restart CSF display this error: Error: iptables command [/sbin/iptables -v

    Great to hear that you found the reason! Will you be contacting CSF about the issue? So far, it doesn't seem anyone who is using CSF and getting this error has gone to the CSF forum or support avenues to discuss this with them.
     
  15. fcitrolo

    fcitrolo Active Member

    Joined:
    Dec 31, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
Loading...

Share This Page