Join the community today
Become a Member

Sysadmin Prevent iptables to block all network ?

Discussion in 'System Administration' started by pamamolf, Jan 25, 2017.

  1. pamamolf

    pamamolf Well-Known Member

    3,117
    295
    83
    May 31, 2014
    Ratings:
    +531
    Local Time:
    8:05 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Hi

    After updating to the latest kernel on Centos 7 and reboot i got some issues....

    I was not able to connect to the server at all :(

    Using kvm i solve it by clearing the iptables as it seems all network was blocked in a way :(

    Any ideas on what was cause that or any measures to prevent this on the future?

    Does csf -x doesn't disable completely and after restart is coming back?

    Thank you
     
  2. eva2000

    eva2000 Administrator Staff Member

    36,860
    8,067
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,425
    Local Time:
    4:05 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    CSF lfd service will restart on reboot but that is login failure daemon. Server reboot or kernel updates shouldn't block entire network. Never experienced it myself. Who's your web host ? kvm/xen or openvz vps ? Dig into your /var/log/messages log for clues ?
     
  3. pamamolf

    pamamolf Well-Known Member

    3,117
    295
    83
    May 31, 2014
    Ratings:
    +531
    Local Time:
    8:05 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Dedicated server from onlinenet.....

    Latest kernel was not booting and i switch back to old one and i clear the iptables and all was ok then....
     
  4. pamamolf

    pamamolf Well-Known Member

    3,117
    295
    83
    May 31, 2014
    Ratings:
    +531
    Local Time:
    8:05 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Is it safe on Centminmod install to disable the iptables using:

    Code:
    systemctl stop firewalld
    systemctl disable firewalld
    ?
     
  5. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    8:05 AM
    1
    10
    you could, but run many, many risks running a server without a firewall, it's best to look into this further to see why there's issues
     
  6. eva2000

    eva2000 Administrator Staff Member

    36,860
    8,067
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,425
    Local Time:
    4:05 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    that's already done by default, firewalld is disabled and CSF Firewall is in used to interface with iptables instead of firewalld.
     
  7. pamamolf

    pamamolf Well-Known Member

    3,117
    295
    83
    May 31, 2014
    Ratings:
    +531
    Local Time:
    8:05 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    How can i disable csf from autostart at reboot of the server?
     
  8. Sunka

    Sunka Well-Known Member

    1,025
    284
    83
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +462
    Local Time:
    7:05 AM
    Nginx 1.15.0
    MariaDB 10.2.15
    maybe
    Code:
    systemctl disable csf
    systemctl disable lfd
     
    • Informative Informative x 1
  9. eva2000

    eva2000 Administrator Staff Member

    36,860
    8,067
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,425
    Local Time:
    4:05 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yup that's it or chkconfig is aliases for systemctl

    so same way you disable any other services
    Code (Text):
    chkconfig csf off
    chkconfig lfd off
    

    Wouldn't recommend it though as CSF/LFD are vital for server security and as you have out of band KVM console access, being locked out by accident is solvable anyway.
     
    • Agree Agree x 2
..