How to install CSF Firewall on Virtuozzo OpenVZ

In general, csf works well with WHM/cPanel and other control panels, but inside a VPS running OpenVZ (Open Virtuozzo) or Virtuozzo the csf configuration is somewhat different.

CSF is a powerful firewall for Linux and cPanel servers; here are the steps to get it working correctly in such a container.

After installing csf in the VPS you may see errors like the following from the csf test script:
root@server [/csf]# perl csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...FAILED [FATAL Error: iptables: Unknown error 18446744073709551615] - Required for csf to function
Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: iptables: Unknown error 18446744073709551615] - Required for csf to function
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: Unknown error 18446744073709551615] - Required for csf to function
Testing ipt_limit/xt_limit...FAILED [FATAL Error: iptables: Unknown error 18446744073709551615] - Required for csf to function
Testing ipt_recent...FAILED [Error: iptables: Unknown error 18446744073709551615] - Required for PORTFLOOD feature
Testing ipt_owner...FAILED [Error: iptables: Unknown error 18446744073709551615] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for MESSENGER feature

SOLUTION:


To fix the issue you need access to the node (the main server, not the VPS container), since containers run on the node's kernel and can only use the iptables modules that the node loads and exposes to them. If you do not have access to the node, you can pass this guide to your VPS provider. Then carry out the following steps:

1. Verify that the required modules are loaded on the node
You can check with:
# lsmod | grep -i module-name

If a module is not listed, load it into the kernel:
# modprobe module-name

e.g.: modprobe ipt_conntrack

2. Define the iptables modules that containers may use, on the node.
Edit /etc/sysconfig/iptables-config on the node (main server) and make sure it contains the following:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Then edit /etc/sysconfig/vz and set:
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

3. Restart Virtuozzo/OpenVZ (this restarts the containers as well):
# service vz restart

or

# /etc/init.d/vz restart

4. Enable full netfilter support for the container (assuming your VPS's CTID is 101):
# vzctl set 101 --netfilter full --save --setmode restart

5. Run the csf test script again inside the VPS container; every test should now pass:
root@servermox [~]# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server

6. Finally restart CSF:
# csf -r
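To check steps 1 and 2 without eyeballing lsmod and the config files by hand, here is a small added script (not part of the original guide) that reports which of the modules listed in step 2 are not loaded on the node and which are missing from an IPTABLES="..." setting; it works on /etc/sysconfig/vz and on a per-container /etc/sysconfig/vz-scripts/<CTID>.conf, and handles the value being wrapped over several lines. The lsmod output and config text below are constructed samples.

```sh
#!/bin/sh
# Added example, not part of the original guide: report which of the iptables
# modules csf needs (the list from step 2) are not loaded on the node, and
# which are missing from the IPTABLES= value of /etc/sysconfig/vz (the same
# format is used by /etc/sysconfig/vz-scripts/<CTID>.conf).
CSF_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

# missing_modules LSMOD_OUTPUT: prints each module in CSF_MODULES whose exact
# name is not in the first column of the given lsmod output, one per line.
missing_modules() {
    for m in $CSF_MODULES; do
        if ! printf '%s\n' "$1" | awk '{ print $1 }' | grep -qx "$m"; then
            printf '%s\n' "$m"
        fi
    done
}

# missing_from_vz_config CONFIG_TEXT: prints each module in CSF_MODULES absent
# from the IPTABLES="..." value; the quoted value may span several lines.
missing_from_vz_config() {
    value=$(printf '%s\n' "$1" | awk '
        /^IPTABLES="/ { inblk = 1 }
        inblk { q += gsub(/"/, ""); buf = buf " " $0; if (q >= 2) inblk = 0 }
        END { sub(/^ *IPTABLES=/, "", buf); print buf }')
    for m in $CSF_MODULES; do
        case " $value " in
            *" $m "*) ;;
            *) printf '%s\n' "$m" ;;
        esac
    done
}

# Constructed sample data so the script runs offline; on a real node pass
# "$(lsmod)" and "$(cat /etc/sysconfig/vz)" instead.
SAMPLE_LSMOD="Module                  Size  Used by
ipt_REJECT              4096  0
iptable_filter          4096  1
ipt_state               4096  0
ip_conntrack           16384  1 ipt_state"
SAMPLE_VZ='VIRTUOZZO=yes
IPTABLES="ipt_REJECT ipt_tos
ipt_TOS ipt_LOG iptable_filter"'

echo "Not loaded on the node (candidates for modprobe):"
missing_modules "$SAMPLE_LSMOD"
echo "Absent from IPTABLES= in the config:"
missing_from_vz_config "$SAMPLE_VZ"
```

Module names are compared exactly, so ipt_tos and ipt_TOS (both required) are checked separately.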

(OPTIONAL)
You can also edit the container's own configuration file under /etc/sysconfig/vz-scripts/. Assuming 101 is the VEID, add the modules inserted above to the IPTABLES setting in that file:
# vi /etc/sysconfig/vz-scripts/101.conf

and add this line:
IPTABLES="ipt_REDIRECT ipt_owner ipt_recent iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"

If you only want to restart a single container rather than the whole vz service:
# vzctl restart container-id

e.g.: vzctl restart 101