csf + lfd firewall configuration in vps (virtuozzo /openvz)
- Category : Linux Helpline (Easy Guide)
- Posted on : Jun 05, 2019
- Views : 1,936
- By : Barton S.
Introduction:
In general csf is giving good compatibility with cpanel servers . But in a vps (openvz or Virtuzzo) the csf configuration is something different.
Sometimes you may get an error as follow after the csf installation in vps
Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit –limit 30/m –limit-burst 5 -j LOG –log-prefix ‘Firewall: *TCP_IN Blocked* ‘] failed, at line 196
So how to resolve this issue. Let us do it as follows,
There are two steps to configure the csf in vps
- Main vps server ( The host server ,in which the vps nodes are running) configuration
- Vps node configuration.
Main vps serverconfiguration
Before starting the csf installation in a node login to the main server (host server) and check whether the following modules are inserted in to the kernel
ipt_conntrack
ipt_LOG
ipt_owner
ipt_state
ip_conntrack_ftp
You can check it as follows
# lsmod |grep -i <module-name>
If not please insert these modules into the kernel.
#modprob <module-name>
eg: modprob ipt_conntrack
Now add these modules to iptable configuration as follows.
# vi /etc/sysconfig/iptables-config
Add the following in this file
IPTABLES_MODULES=”ipt_conntrack ipt_LOG ipt_owner ipt_state ip_conntrack_ftp”
Now edit the vps configuration file from /etc/sysconfig/vz-scripts/ Let 101 is the VEID, add the above inserted modules in to the IPTABLE section in this configuration file.
# vi /etc/sysconfig/vz-scripts/101.conf
IPTABLES=”iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ipt_state
iptable_nat ip_nat_ftp ipt_owner ip_conntrack_ftp”
Here we completed the main vps server configuration . So now reboot the child node (not main server) as follows
# vzctl restart <veid>
eg: vzctl restart 101
ii) Vps node configuration.
Now ssh /enter your child vps node
Now download and install the csf . You can download the csf from here
Before restarting the csf let us do some configurations as follows , Edit the file /etc/csf/csf.conf .Then set the following variables
ETH_DEVICE = “venet0″ #from ifconfig you can see the n/w device
MONOLITHIC_KERNEL = “1″
VERBOSE = “0″ # will disable the verbose output during start
Now start the csf and lfd .
/etc/init.d/csf start
/etc/init.d/lfd start
Note: If it is cpanel server go to whm and configure the firewall settings
Categories
Subscribe Now
10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!Archive Calendar
Sat | Sun | Mon | Tue | Wed | Thu | Fri |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | |
7 | 8 | 9 | 10 | 11 | 12 | 13 |
14 | 15 | 16 | 17 | 18 | 19 | 20 |
21 | 22 | 23 | 24 | 25 | 26 | 27 |
28 | 29 | 30 | 31 |
Recent Articles
-
Posted on : Jul 25
-
Posted on : Jul 07
-
Posted on : Apr 07
-
Posted on : Mar 19
Optimized my.cnf configuration for MySQL 8 (on cPanel/WHM servers)
Tags
- layer 7
- tweak
- kill
- process
- sql
- Knowledge
- vpn
- seo vpn
- wireguard
- webmail
- ddos mitigation
- attack
- ddos
- DMARC
- server load
- Development
- nginx
- php-fpm
- cheap vpn
- Hosting Security
- xampp
- Plesk
- cpulimit
- VPS Hosting
- smtp
- smtp relay
- exim
- Comparison
- cpu
- WHM
- mariadb
- encryption
- sysstat
- optimize
- Link Building
- apache
- centos
- Small Business
- VPS
- Error
- SSD Hosting
- Networking
- optimization
- DNS
- mysql
- ubuntu
- Linux