Discover Centmin Mod today
Register Now

Sysadmin Prevent iptables to block all network ?

Discussion in 'System Administration' started by pamamolf, Jan 25, 2017.

  1. pamamolf

    pamamolf Well-Known Member

    2,723
    242
    63
    May 31, 2014
    Ratings:
    +433
    Local Time:
    4:02 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Hi

    After updating to the latest kernel on Centos 7 and reboot i got some issues....

    I was not able to connect to the server at all :(

    Using kvm i solve it by clearing the iptables as it seems all network was blocked in a way :(

    Any ideas on what was cause that or any measures to prevent this on the future?

    Does csf -x doesn't disable completely and after restart is coming back?

    Thank you
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,166
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:02 AM
    Nginx 1.13.x
    MariaDB 5.5
    CSF lfd service will restart on reboot but that is login failure daemon. Server reboot or kernel updates shouldn't block entire network. Never experienced it myself. Who's your web host ? kvm/xen or openvz vps ? Dig into your /var/log/messages log for clues ?
     
  3. pamamolf

    pamamolf Well-Known Member

    2,723
    242
    63
    May 31, 2014
    Ratings:
    +433
    Local Time:
    4:02 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Dedicated server from onlinenet.....

    Latest kernel was not booting and i switch back to old one and i clear the iptables and all was ok then....
     
  4. pamamolf

    pamamolf Well-Known Member

    2,723
    242
    63
    May 31, 2014
    Ratings:
    +433
    Local Time:
    4:02 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Is it safe on Centminmod install to disable the iptables using:

    Code:
    systemctl stop firewalld
    systemctl disable firewalld
    ?
     
  5. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    3:02 AM
    1
    10
    you could, but run many, many risks running a server without a firewall, it's best to look into this further to see why there's issues
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,166
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:02 AM
    Nginx 1.13.x
    MariaDB 5.5
    that's already done by default, firewalld is disabled and CSF Firewall is in used to interface with iptables instead of firewalld.
     
  7. pamamolf

    pamamolf Well-Known Member

    2,723
    242
    63
    May 31, 2014
    Ratings:
    +433
    Local Time:
    4:02 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    How can i disable csf from autostart at reboot of the server?
     
  8. Sunka

    Sunka Active Member

    917
    240
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +388
    Local Time:
    3:02 AM
    Nginx 1.13.3
    MariaDB 10.1.24
    maybe
    Code:
    systemctl disable csf
    systemctl disable lfd
     
    • Informative Informative x 1
  9. eva2000

    eva2000 Administrator Staff Member

    30,166
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:02 AM
    Nginx 1.13.x
    MariaDB 5.5
    yup that's it or chkconfig is aliases for systemctl

    so same way you disable any other services
    Code (Text):
    chkconfig csf off
    chkconfig lfd off
    

    Wouldn't recommend it though as CSF/LFD are vital for server security and as you have out of band KVM console access, being locked out by accident is solvable anyway.
     
    • Agree Agree x 2