/ Register

Join the community today
Become a Member

Sysadmin Prevent iptables to block all network ?

Discussion in 'System Administration' started by pamamolf, Jan 25, 2017.

Previous Thread Next Thread
Loading...
  1. Jan 25, 2017 #1
    pamamolf

    pamamolf Premium Member Premium Member

    4,086
    428
    83
    May 31, 2014
    Ratings:
    +834
    Local Time:
    12:28 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    Hi

    After updating to the latest kernel on Centos 7 and reboot i got some issues....

    I was not able to connect to the server at all :(

    Using kvm i solve it by clearing the iptables as it seems all network was blocked in a way :(

    Any ideas on what was cause that or any measures to prevent this on the future?

    Does csf -x doesn't disable completely and after restart is coming back?

    Thank you
     
  2. Jan 25, 2017 #2
    eva2000

    eva2000 Administrator Staff Member

    54,860
    12,239
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,810
    Local Time:
    8:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    CSF lfd service will restart on reboot but that is login failure daemon. Server reboot or kernel updates shouldn't block entire network. Never experienced it myself. Who's your web host ? kvm/xen or openvz vps ? Dig into your /var/log/messages log for clues ?
     
  3. Jan 25, 2017 #3
    pamamolf

    pamamolf Premium Member Premium Member

    4,086
    428
    83
    May 31, 2014
    Ratings:
    +834
    Local Time:
    12:28 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    Dedicated server from onlinenet.....

    Latest kernel was not booting and i switch back to old one and i clear the iptables and all was ok then....
     
  4. Jan 25, 2017 #4
    pamamolf

    pamamolf Premium Member Premium Member

    4,086
    428
    83
    May 31, 2014
    Ratings:
    +834
    Local Time:
    12:28 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    Is it safe on Centminmod install to disable the iptables using:

    Code:
    systemctl stop firewalld
systemctl disable firewalld
    ?
     
  5. Jan 25, 2017 #5
    SFLC

    SFLC Active Member

    223
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    12:28 PM
    1
    10
    you could, but run many, many risks running a server without a firewall, it's best to look into this further to see why there's issues
     
  6. Jan 25, 2017 #6
    eva2000

    eva2000 Administrator Staff Member

    54,860
    12,239
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,810
    Local Time:
    8:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    that's already done by default, firewalld is disabled and CSF Firewall is in used to interface with iptables instead of firewalld.
     
  7. Jan 26, 2017 #7
    pamamolf

    pamamolf Premium Member Premium Member

    4,086
    428
    83
    May 31, 2014
    Ratings:
    +834
    Local Time:
    12:28 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    How can i disable csf from autostart at reboot of the server?
     
  8. Jan 26, 2017 #8
    Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    11:28 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    maybe
    Code:
    systemctl disable csf
systemctl disable lfd
     
  9. Jan 26, 2017 #9
    eva2000

    eva2000 Administrator Staff Member

    54,860
    12,239
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,810
    Local Time:
    8:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yup that's it or chkconfig is aliases for systemctl

    so same way you disable any other services
    Code (Text):
    chkconfig csf off
chkconfig lfd off

    Wouldn't recommend it though as CSF/LFD are vital for server security and as you have out of band KVM console access, being locked out by accident is solvable anyway.
     
Previous Thread Next Thread
Loading...

.