Jump to content
Sign in to follow this  
rodrigo286

CSF erro doidao

Recommended Posts

Bom dia pessoa,

 

Então eu sempre usei CSF e hoje fui instalar em um dedicado novo e o mesmo não da block nas portas.

 

Por exemplo a porta 5841 não está na lista de portas liberadas, mas do mesmo jeito continua aberta.

 

Já verifiquei se tem outro firewall ou algo do tipo de script e nada.

 

Alguem já viu isso?

 

Abraço.

Share this post


Link to post
Share on other sites
Guest

Você desativou o 'Testing' da configuração do CSF?

Share this post


Link to post
Share on other sites

 

Rode o comando abaixo via SSH e poste o resultado:

perl /usr/local/csf/bin/csftest.pl

 

Também faço isso logo que instalo o CSF:

 

[root@ded servidores]# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK


RESULT: csf should function on this server
[root@ded servidores]#

Abraço.

Share this post


Link to post
Share on other sites

 

Rode o comando abaixo via SSH e poste o resultado:

perl /usr/local/csf/bin/csftest.pl

 

posta tb

csf -e

 

eu tenho 9 anos nessa área e geralmente os problemas que demoro a resolver são os mais simples.

Share this post


Link to post
Share on other sites

posta tb

csf -e

 

eu tenho 9 anos nessa área e geralmente os problemas que demoro a resolver são os mais simples.

 

[root@ded servidores]# csf -e
csf and lfd are not disabled!

Share this post


Link to post
Share on other sites

Do nada ele funcionou e começou dar block nas portas mas agora parou =(

[root@ded ~]# csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `INVALID'
Flushing chain `INVDROP'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `SYNFLOOD'
Flushing chain `PREROUTING'
Flushing chain `POSTROUTING'
Flushing chain `OUTPUT'
Deleting chain `ALLOWIN'
Deleting chain `ALLOWOUT'
Deleting chain `DENYIN'
Deleting chain `DENYOUT'
Deleting chain `INVALID'
Deleting chain `INVDROP'
Deleting chain `LOCALINPUT'
Deleting chain `LOCALOUTPUT'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Deleting chain `SYNFLOOD'
csf: FASTSTART loading DROP no logging (IPv4)
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *TCP_OUT Blocked* '
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *UDP_OUT Blocked* '
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0
DENYOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
DENYIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
ALLOWOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
ALLOWIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
csf: FASTSTART loading Packet Filter (IPv4)
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0
INVALID  tcp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
INVALID  tcp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
csf: FASTSTART loading csf.allow (IPv4)
RETURN  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 100/sec burst 150
LOG  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *SYNFLOOD Blocked* '
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0
SYNFLOOD  tcp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x17/0x02
ACCEPT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  state RELATED,ESTABLISHED
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  state RELATED,ESTABLISHED
csf: FASTSTART loading TCP_IN (IPv4)
csf: FASTSTART loading TCP_OUT (IPv4)
csf: FASTSTART loading UDP_IN (IPv4)
csf: FASTSTART loading UDP_OUT (IPv4)
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  icmp type 8 limit: avg 1/sec burst 5
ACCEPT  icmp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  icmp type 0
ACCEPT  icmp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  icmp type 8
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  icmp type 0 limit: avg 1/sec burst 5
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  icmp type 11
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  icmp type 3
ACCEPT  icmp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  icmp type 11
ACCEPT  icmp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  icmp type 3
ACCEPT  all opt -- in lo out *  0.0.0.0/0  -> 0.0.0.0/0
ACCEPT  all opt -- in * out lo  0.0.0.0/0  -> 0.0.0.0/0
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
LOGDROPIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
csf: FASTSTART loading DNS (IPv4)
LOCALOUTPUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0

*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.

Abraço.

 

# EDIT

 

Eu tenho varios IPs será isso?

 

Abraço.

Share this post


Link to post
Share on other sites
Guest

Do nada ele funcionou e começou dar block nas portas mas agora parou =(

 

# EDIT

 

Eu tenho varios IPs será isso?

 

Abraço.

 

Se cada IP estiver em um interface física separada, sim. Você vai precisar adicionar o nome das interfaces no arquivo de configuração do CSF.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.





×
×
  • Create New...