CSF Firewall for Cloudflare port 8000 on localhost

Discussion in 'Install & Upgrades or Pre-Install Questions' started by EckyBrazzz, Jul 29, 2019.

  1. EckyBrazzz

    EckyBrazzz Active Member

    I need to get port 8000 open to get something to work at our best friend, Cloudflare.
    I even disabled the CSF firewall, but the port is still blocked.
    Code (Text):
    csf and lfd have been disabled, use 'csf -e' to enable
    [01:43][[email protected]<snipped> ~]# curl -svo /dev/null https://localhost:8000  
    * About to connect() to localhost port 8000 (#0)
    *   Trying ::1...
    * Connection refused
    *   Trying 127.0.0.1...
    * Connected to localhost (127.0.0.1) port 8000 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
    * SSL received a record that exceeded the maximum permissible length.
    * Closing connection 0
    [01:44][[email protected]<snipped> ~]# curl -svo /dev/null http://localhost:8000
    * About to connect() to localhost port 8000 (#0)
    *   Trying ::1...
    * Connection refused
    *   Trying 127.0.0.1...
    * Connected to localhost (127.0.0.1) port 8000 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: localhost:8000
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Content-Type: text/html; charset=UTF-8
    < Transfer-Encoding: chunked
    < Connection: keep-alive
    < Vary: Accept-Encoding
    < x-cache-handler: wp
    < Server: nginx centminmod
    < X-Powered-By: centminmod
    < X-Xss-Protection: 1; mode=block
    < X-Content-Type-Options: nosniff
    < Date: Mon, 29 Jul 2019 01:45:56 GMT
    < X-Page-Speed: 1.13.35.2-0
    < Cache-Control: max-age=0, no-cache
    <
    { [data not shown]
    * Connection #0 to host localhost left intact
    [01:44][[email protected]<snipped> ~]# telnet localhost 8000
    Trying ::1...
    telnet: connect to address ::1: Connection refused
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    Connection closed by foreign host.
    

     
  2. eva2000

    eva2000 Administrator Staff Member

    Just add port 8000 to the TCP_IN and TCP6_IN comma-separated lists in /etc/csf/csf.conf as per https://centminmod.com/csf_firewall.html and then restart CSF Firewall:
    Code (Text):
    csf -ra


    FYI, if you completely disable CSF Firewall, you block all ports, as there are no whitelist rules, which CSF Firewall sets up when running.
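
An added example, not part of the original posts and not Centmin Mod or CSF code: a shell check for whether a port is covered by the TCP_IN and TCP6_IN lists named in the reply above, with an idempotent append. It runs against a constructed sample file; the function names and sample values are assumptions, and it also handles `lo:hi` port ranges, which goes beyond the single port discussed in the thread.

```shell
#!/bin/sh
# Added example: audit and update port lists in a csf.conf-style file.
# Function names are hypothetical; the sample config below is constructed.

# Print the quoted value of KEY (e.g. TCP_IN); commented-out lines are ignored.
csf_list() {  # usage: csf_list <conf> <KEY>
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Return 0 if PORT is covered by KEY's list, as a single port or a lo:hi range.
csf_has_port() {  # usage: csf_has_port <conf> <KEY> <port>
    list=$(csf_list "$1" "$2")
    old_ifs=$IFS; IFS=,
    for entry in $list; do
        lo=${entry%%:*}; hi=${entry##*:}
        if [ "$3" -ge "$lo" ] 2>/dev/null && [ "$3" -le "$hi" ] 2>/dev/null; then
            IFS=$old_ifs; return 0
        fi
    done
    IFS=$old_ifs; return 1
}

# Print which of TCP_IN and TCP6_IN do not yet allow PORT.
csf_missing() {  # usage: csf_missing <conf> <port>
    missing=""
    for key in TCP_IN TCP6_IN; do
        csf_has_port "$1" "$key" "$2" || missing="$missing $key"
    done
    echo "${missing# }"
}

# Append PORT to KEY's list unless already covered (idempotent); an empty
# list becomes "PORT" rather than ",PORT". Rewrites in place to keep file mode.
csf_add_port() {  # usage: csf_add_port <conf> <KEY> <port>
    csf_has_port "$1" "$2" "$3" && return 0
    sed "/^[[:space:]]*$2[[:space:]]*=/{s/\"\([^\"]*\)\"/\"\1,$3\"/;s/\",/\"/;}" "$1" > "$1.new" &&
        cat "$1.new" > "$1" && rm -f "$1.new"
}

CONF=$(mktemp)   # constructed sample; a real server uses /etc/csf/csf.conf
cat > "$CONF" <<'EOF'
# TCP_IN = "1:65535"
TCP_IN = "22,80,443,8000,30000:35000"
TCP6_IN = "22,80,443"
EOF
echo "before: missing in [$(csf_missing "$CONF" 8000)]"
for key in $(csf_missing "$CONF" 8000); do csf_add_port "$CONF" "$key" 8000; done
echo "after:  TCP6_IN = \"$(csf_list "$CONF" TCP6_IN)\""
rm -f "$CONF"
```

On a server the file is /etc/csf/csf.conf, and an edit takes effect only after the restart given in the reply (`csf -ra`).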
     
  3. EckyBrazzz

    EckyBrazzz Active Member

    Had another issue, disabled it with csf -x and everything worked.

    I added only 8000 to UDP, as it was already in TCP.

    https://paste.ee/p/Fn4K0#E1yIOSlVdd2ZTuaqKaJVt5s164K8qdzz (auto delete after * views)

    and restarted with csf -ra instead of only csf -r

    But the result is the same.
    Code (Text):
    [17:34][[email protected]<< snipped >> addons]# curl -svo /dev/null https://localhost:8000  
    * About to connect() to localhost port 8000 (#0)
    *   Trying ::1...
    * Connection refused
    *   Trying 127.0.0.1...
    * Connected to localhost (127.0.0.1) port 8000 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
    * SSL received a record that exceeded the maximum permissible length.
    * Closing connection 0
    [17:35][[email protected]<< snipped >> addons]# curl -svo /dev/null http://localhost:8000
    * About to connect() to localhost port 8000 (#0)
    *   Trying ::1...
    * Connection refused
    *   Trying 127.0.0.1...
    * Connected to localhost (127.0.0.1) port 8000 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: localhost:8000
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Content-Type: text/html; charset=UTF-8
    < Transfer-Encoding: chunked
    < Connection: keep-alive
    < Vary: Accept-Encoding
    < x-cache-handler: wp
    < Server: nginx centminmod
    < X-Powered-By: centminmod
    < X-Xss-Protection: 1; mode=block
    < X-Content-Type-Options: nosniff
    < Date: Mon, 29 Jul 2019 17:36:59 GMT
    < X-Page-Speed: 1.13.35.2-0
    < Cache-Control: max-age=0, no-cache
    <
    { [data not shown]
    * Connection #0 to host localhost left intact
    [17:36][[email protected]<< snipped >> addons]# telnet localhost 8000
    Trying ::1...
    telnet: connect to address ::1: Connection refused
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    Connection closed by foreign host.