CSF + LFD firewall configuration in a VPS (Virtuozzo / OpenVZ)
- Category : Linux Helpline (Easy Guide)
- Posted on : Jun 05, 2019
- By : Barton S.
Introduction:
CSF generally works well on cPanel servers, but in a VPS (OpenVZ or Virtuozzo) the csf configuration is somewhat different.
Sometimes you may get an error like the following after installing csf in a VPS:
Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '] failed, at line 196
So how do we resolve this issue? Proceed as follows.
There are two steps to configuring csf in a VPS:
- Main VPS server (the host server on which the VPS nodes run) configuration
- VPS node configuration
i) Main VPS server configuration
Before starting the csf installation in a node, log in to the main server (host server) and check whether the following modules are loaded into the kernel:
ipt_conntrack
ipt_LOG
ipt_owner
ipt_state
ip_conntrack_ftp
You can check it as follows:
# lsmod | grep -i <module-name>
If a module is not loaded, insert it into the kernel:
# modprobe <module-name>
eg: modprobe ipt_conntrack
Now add these modules to the iptables configuration as follows.
# vi /etc/sysconfig/iptables-config
Add the following in this file
IPTABLES_MODULES="ipt_conntrack ipt_LOG ipt_owner ipt_state ip_conntrack_ftp"
Now edit the VPS configuration file in /etc/sysconfig/vz-scripts/. Assuming 101 is the VEID, add the modules inserted above to the IPTABLES setting in this configuration file.
# vi /etc/sysconfig/vz-scripts/101.conf
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ipt_state iptable_nat ip_nat_ftp ipt_owner ip_conntrack_ftp"
This completes the main VPS server configuration. Now reboot the child node (not the main server) as follows:
# vzctl restart <veid>
eg: vzctl restart 101
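The host-side checks above can be scripted. The following is an added example, not part of the original article: it reports which of the five modules listed above are missing from a module list, matching names exactly and case-sensitively. The function names and the sample config are constructed for illustration, and it assumes the IPTABLES value sits on a single line.

```shell
#!/bin/sh
# Added example (not from the original article).
# Modules the article asks for on the host and in the container config.
REQUIRED="ipt_conntrack ipt_LOG ipt_owner ipt_state ip_conntrack_ftp"

# Print, one per line, the names inside the IPTABLES="..." setting of a
# container config file. Assumes the whole value is on one line.
conf_modules() {
    sed -n 's/^[[:space:]]*IPTABLES="\([^"]*\)".*$/\1/p' "$1" | tr -s ' \t' '\n\n'
}

# Read a module list (one name per line) on stdin and print every required
# module that is absent. Matching is exact: ip_conntrack does not satisfy
# ipt_conntrack, and ipt_log does not satisfy ipt_LOG.
missing_modules() {
    have=$(cat)
    for m in $REQUIRED; do
        printf '%s\n' "$have" | grep -Fqx -- "$m" || printf '%s\n' "$m"
    done
}

# On the host:     lsmod | awk 'NR>1 {print $1}' | missing_modules
# Per container:   conf_modules /etc/sysconfig/vz-scripts/101.conf | missing_modules

# Demo on a constructed sample config that lacks two of the required names.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# constructed sample, not a real container config
ONBOOT="yes"
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_REJECT ipt_LOG ip_conntrack ipt_state ip_conntrack_ftp"
EOF
    conf_modules "$tmp" | missing_modules
    rm -f "$tmp"
}

demo
```

An empty result means every required name is present; any name printed should be added before running vzctl restart.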
ii) VPS node configuration
Now SSH into (enter) your child VPS node.
Now download and install csf. You can download the csf from here
Before restarting csf, make some configuration changes: edit the file /etc/csf/csf.conf and set the following variables:
ETH_DEVICE = "venet0" # from ifconfig you can see the n/w device
MONOLITHIC_KERNEL = "1"
VERBOSE = "0" # will disable the verbose output during start
Now start csf and lfd.
/etc/init.d/csf start
/etc/init.d/lfd start
Note: If it is a cPanel server, go to WHM and configure the firewall settings.