CSF strange lines when starting and strange working.
Hy there guys i got some strange thinks when i start CSF it shows this
And more but those ones i recognize them but this ones i dont i dont remember adding this tipes of thinks in the csf . And i see it long time ago but i was thinking is from csf. But the strange think is this. My server location is: Romania and some days i see there is not posible to make external connections to server, i get alert from pingdom theath is down, i try with proxy, with CyberGhost 5 i ask friends from other countrys and nothink this for 30 min after is back but in the same time me or anyone from Romania ( Server location ) is able to acces the server or the websites. The think is i changed the datacenter and since i change it i have this thinks they was telling me is an attack and they have some sort of profesional firewall switch witch if an incoming traffic bigger then 1GBps it will close all the external connextions :| but i dont belive it because in one they from iptables or somewhere i changed the 30minutes to 5 and was making just 5 minutes like not external connextions. Tnx guys and please give me an ideea about this.
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *TCP_OUT Blocked* '
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
LOG tcp opt in * out * ::/0 -> ::/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP6IN Blocked* '
LOG tcp opt in * out * ::/0 -> ::/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *TCP6OUT Blocked* '
LOG udp opt in * out * ::/0 -> ::/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP6IN Blocked* '
LOG udp opt in * out * ::/0 -> ::/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *UDP6OUT Blocked* '
LOG icmpv6 opt in * out * ::/0 -> ::/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP6IN Blocked* '
LOG icmpv6 opt in * out * ::/0 -> ::/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *ICMP6OUT Blocked* ' And more but those ones i recognize them but this ones i dont i dont remember adding this tipes of thinks in the csf . And i see it long time ago but i was thinking is from csf. But the strange think is this. My server location is: Romania and some days i see there is not posible to make external connections to server, i get alert from pingdom theath is down, i try with proxy, with CyberGhost 5 i ask friends from other countrys and nothink this for 30 min after is back but in the same time me or anyone from Romania ( Server location ) is able to acces the server or the websites. The think is i changed the datacenter and since i change it i have this thinks they was telling me is an attack and they have some sort of profesional firewall switch witch if an incoming traffic bigger then 1GBps it will close all the external connextions :| but i dont belive it because in one they from iptables or somewhere i changed the 30minutes to 5 and was making just 5 minutes like not external connextions. Tnx guys and please give me an ideea about this.
-
Hello :) To clarify, you are simply curious to know if custom rules were added by CSF itself, or by your data center? Note that CSF is a third-party application so you may want to ask this question on their forums: [url=http://forum.configserver.com/viewforum.php?f=6]ConfigServer Community Forum - General Discussion (csf) Thank you. 0 -
Hy Michael i know CSF is a thid-party aplication but when i got a problem on cPanel i can trust and they allways there for you. I know those rulls they was added by the datacenter because before i was still using csf and when i was restarting it i never sow those rulls. The think is i was tryed to remove them but i dont fiind them any where i had even uninstalled csf and then reinstalled and still the same i dont know what those ruls ar doing if is got or bad and how to remove them or add them when i whant. 0 -
It's possible the rules were added with a version update of CSF. Most CSF installs update automatically. As a data center provider, we don't go around messing with peoples firewall rules other than to maybe whitelist our monitoring servers. I am not an iptables expert however those rules look associated with rate limiting on first glance; perhaps the sections for port scans, syn flood, or other protections in csf.conf should be checked. Unless you are using a file like /etc/csf/csfpre.sh or /etc/csf/csfpost.sh all of your iptables rules are generated according to the options set in the /etc/csf/csf.conf file, in conjunction with the csf.allow and csf.deny files. 0 -
You are able to Reset CSF to defaults (or choose a pre-configured csf.conf) from the Firewalls Profiles section of CSF. 0
Please sign in to leave a comment.
Comments
4 comments