Trying to fix the problem, the first step was "Disable UDP acceleration" (view the image)
Trying to fix the problem, the first step was "Disable UDP acceleration" (view the image)
Symptom: When checking the LFD service with the systemctl command you will see this: systemctl status lfd.service ● lfd.service - ConfigServer Firewall & Security - lfd Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Tue 2020-12-01 20:54:11 IST; 10min ago Process: 11119 ExecStart=/usr/sbin/lfd (code=exited, status=1/FAILURE) Dec 01 20:54:10 host.domain.tld systemd[1]: Starting ConfigServer Firewall & Security - lfd... Dec 01 20:54:11 host.domain.tld lfd[11119]: Error: You have an unresolved error when starting csf. You need to restart csf successfully before starting lfd (s...csf.error) Dec 01 20:54:11 host.domain.tld systemd[1]: lfd.service: control process exited, code=exited status=1 Dec 01 20:54:11 host.domain.tld systemd[1]: Failed to start ConfigServer Firewall & Security - lfd. Dec 01 20:54:11 host.domain.tld systemd[1]: Unit lfd.service entered failed state. Dec 01 20:54:11 host.domain.tld systemd[1]: lfd.service failed. The error indicates that you need to restart the CSF service before being able to start the LFD service. However, when you check the CSF service you notice that the service has failed with the following error: systemctl status csf.service -l ● csf.service - ConfigServer Firewall & Security - csf Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Mon 2020-11-30 20:13:09 IST; 24h ago Main PID: 943 (code=exited, status=1/FAILURE) Nov 30 20:12:56 host.domain.tld systemd[1]: Starting ConfigServer Firewall & Security - csf... Nov 30 20:13:09 host.domain.tld csf[943]: You have an unresolved error when starting csf: Nov 30 20:13:09 host.domain.tld csf[943]: Error: FASTSTART: (Packet Filter IPv4) [] [iptables-restore: line 14 failed]. Try restarting csf with FASTSTART disabled, at line 5584 in /usr/sbin/csf Nov 30 20:13:09…
ConfigServer Security & Firewall (CSS) is an iptables based firewall for Linux systems. In our previous tutorial read installation tutorial of CSF on Linux system. CSF also provides in-built web UI for the managing firewall from the web interface. In this tutorial, you will find how to enable CSF Firewall Web UI on your system. Step 1 – Install Required Perl Modules: CSF UI required some of Perl modules to be installed on your system. Use the following commands to install required modules as per your operating system. Debian based systems: $ sudo apt-get install libio-socket-ssl-perl libcrypt-ssleay-perl \ libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl Redhat based systems: $ sudo yum install perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN \ perl-IO-Socket-INET6 perl-Socket6 Step 2 – Enable CSF Firewall Web UI: To enable CSF web UI edit /etc/csf/csf.conf file in your favorite text editor and update the following values. $ sudo vim /etc/csf/csf.conf # 1 to enable, 0 to disable web ui UI = "1" # Set port for web UI. The default port is 6666, but # I change this to 1025 to easy access. Default port create some issue # with popular chrome and firefox browser (in my case) UI_PORT = "1025" # Leave blank to bind to all IP addresses on the server UI_IP = "" # Set username for authetnication UI_USER = "admin" # Set a strong password for authetnication UI_PASS = "admin" After making changes, edit /etc/csf/ui/ui.allow configuration file and add your public IP to allow access to CSF UI. Change OUR_PUBLIC_IP_ADDRESS with your public IP address. $ sudo echo "YOUR_PUBLIC_IP_ADDRESS" >> /etc/csf/ui/ui.allow Web…
Introduction Config Server Firewall (or CSF) is a free and advanced firewall for most Linux distributions and Linux based VPS. In addition to the basic functionality of a firewall – filtering packets – CSF includes other security features, such as login/intrusion/flood detections. As mentioned CSF includes UI integration for cPanel, DirectAdmin and Webmin, but this tutorial only covers the command line usage. CSF is able to recognize many attacks, such as port scans, SYN floods, and login brute force attacks on many services. It is configured to temporarily block clients who are detected to be attacking the cloud server. The full list of supported operating systems and features can be found on ConfigServer’s website. Installing ConfigServer Firewall First we need to make sure that perl is installed yum install wget vim perl-libwww-perl.noarch perl-Time-HiRes Then we can go ahead and download CSF cd /usr/src/ wget https://download.configserver.com/csf.tgz The next step is to extract the downloaded tar archive and run the install script: tar -xzf csf.tgz cd csf sh install.sh Configure CSF CentOS 7 has a default firewall application called “firewalld”. You have to stop firewalld and remove it from the startup. Stop firewalld: systemctl stop firewalld and disable it: systemctl disable firewalld Now we can enable CSF disabling the default TESTING state: cd /etc/csf/ next open the csf.conf file using your favourite text editor - vim, vi ,nano and etc vim csf.conf On line 11 you will see that the “TESTING ” is set to “1” , make sure this is set to “0” TESTING = "0" Now we can start and enable both lfd and csf `systemctl…