Skip to main content

iptables -L invdrop

Comments

6 comments

  • Infopro
    This thread on Configserver forums might be of some use: CSF Fails to start - ConfigServer Community Forum Note the code output in first post, scroll to bottom of it to see this message: Error: iptables command [/sbin/iptables -v -A INVALID -m state --state INVALID -j INVDROP] failed, you appear to be missing a required iptables module, at line 1457
    If that's of no use, maybe one of these search results is:
    0
  • jeffschips
    I apologize in advance I don't quite know what you are driving at: It is one post without any follow up solution. The error message: "INVDROP] failed, you appear to be missing a required iptables module, at line 1457" Is of no concrete use to me. What am I supposed to do to solve this? No reference to the actual missing module, and even if there was, shouldn't cpanel be upgrading iptables as part of the standard install?
    0
  • Infopro
    My apologies. I assume you have ConfigServer firewall installed. If you do: WebHost Manager "Plugins "ConfigServer Security & Firewall, scroll to the bottom of that main page to find the "Test IP Tables" button. You might run that and see what the result is. Be sure to restart firewall there right after. cPanel doesn't manage CSF, no. Again, assuming you do have CSF installed.
    0
  • jeffschips
    Yes I have the csf module installed in cpanel/WHM. I ran the test firewall and have the following results: Testing ip_tables/iptable_filter...OK Testing ipt_LOG...OK Testing ipt_multiport/xt_multiport...OK Testing ipt_REJECT...OK Testing ipt_state/xt_state...OK Testing ipt_limit/xt_limit...OK Testing ipt_recent...OK Testing xt_connlimit...OK Testing ipt_owner/xt_owner...OK Testing iptable_nat/ipt_REDIRECT...OK Testing iptable_nat/ipt_DNAT...OK RESULT: csf should function on this server However, I also have in the detailed output as it runs, the following errors: Flushing chain `INVALID' (this error shown 4X) INVALID tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 INVALID tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 INVALID tcp opt in !lo out * ::/0 -> ::/0 INVALID tcp opt in * out !lo ::/0 -> ::/0
    0
  • cPanelMichael
    Hello @jeffschips, It appears to relate to the conntrack iptables extension discussed and documented on the links below: Man page of iptables-extensions Let me know if this helps. Thank you.
    0
  • jeffschips
    Perfect! Thank you!
    0

Please sign in to leave a comment.