When I click Start Firewall
I get this
iptables LKM ip_tables missing so this firewall cannot function unless you enable MONOLITHIC_KERNEL in /etc/csf/csf.conf
Error: aborted, at line 156
root@myserver [/etc/apf]# apf -r
Opening /proc/modules: No such file or directory
Unable to load iptables module (ip_tables), aborting.
Will the APF firewall work without the "ip_tables" module? I contacted my server management company and told them my previous tech said enabling ip_tables module on any VPS on our system would cause a kernel panic. Their response was to install APF on the VPS in question and not enable ip_tables, saying it should still block IPs and ports that aren't supposed to be open. Is this true? Or am I getting the runaround?
View 5 Replies View RelatedDoes the iptables service need to be running in order for APF to function? If so, can APF act like it is running, when the iptables service is not running, thus giving you a false sense of security?
View 14 Replies View RelatedIs it me or that anyone else experiencing the VZ master node not properly configured for those front-end firewall programs?
I recently purchased couple Linux VPSs (OpenVZ) from different vendors and both seems not having iptables properly configured. One of them finally got resolved, but took like a week for them to figure out what's wrong with it.
I'm currently still stuck with second VPS not protected.
I have not check into which iptables modules APF or CSF requires, but VPS vendors/resellers should expect their clients would be using those and properly configure their VZ master prior to deployments.
I'm begin to wonder people that purchases VPS slices, are they using any decent firewall front-end or not.
It always seems that ip_conntrack is missing. When exists, everything works.
after turning on the iptables firewall i can't receive emails anymore on a dedicated centos 5.3 server with postfix and dovecot.
with iptables firewall turned off everythin works fine.
following is the /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
# -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
# ************ tried doing this first ************
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 110 -j ACCEPT --syn
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT --syn
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 143 -j ACCEPT --syn
# ************ tried doing this too ************
-A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 72.233.54.234 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -s 72.233.54.234 --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -s 72.233.54.234 --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -s 0/0 --sport 25 -d 72.233.54.234 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
as you can see here i have tried opening ports 110, 25, 143 earlier. still did not work.
Hello !
I've got problems with my APF firewall. Here is are the errors I get :
[root@ks123456 ~]# apf -r
apf(6493): {glob} flushing & zeroing chain policies
apf(6493): {glob} firewall offline
apf(6530): {glob} activating firewall
Opening /proc/modules: No such file or directory
apf(6570): {glob} unable to load iptables module (ip_tables), aborting.
apf(6530): {glob} firewall initalized
apf(6530): {glob} fast load snapshot saved
The /var/log/apf_log file is full of these errors.
I've been told that it was a compatibility issue with the server's kernel. So I upgraded the kernel to the last version, but the problem still remains and I get the same errors...
Can you advise about what I should do now ?
Thank you !
Hello,
I have two similar VPS plans with identical software setups.
I installed APF Firewall on VPS A, modified the conf.apf file to
change the interfaces to venet0 and set monokern to 1 and
then opened all the ingress ports required. Started the firewall
with 'service apf start' and everything went fine, and everything
is working fine with no errors.
I did the same on VPS B but when I start apf I get the following
error that reoccurs during the startup sequence:
iptables: No chain/target/match by that name
While the firewall does seem to be running (by checking iptables -L)
I am unable to download files on the VPS, via wget or yum ...
I have a Virtuozzo VPS running Debian Sarge. I installed apf. My /etc/apf/conf.apf looks like:
IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"
IG_TCP_CPORTS="21,22,53,80,443,25,465,110,995,143,993,137,139,445,10000,3306"
IG_UDP_CPORTS="53"
Am am getting several "iptables: Invalid arguments" message. I traced this to these iptables calls from within /etc/apf/firewall. Each of these iptables calls gives "iptables: Invalid arguments":
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL NONE -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags SYN,RST SYN,RST -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags FIN,RST FIN,RST -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ACK,FIN FIN -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ACK,URG URG -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ACK,PSH PSH -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL FIN,URG,PSH -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL ALL -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL FIN -j IN_SANITY
Any thoughts? According to my ISP, I have these iptables modules:
iptable_filter
iptable_mangle
ipt_limit
ipt_multiport
ipt_tos
ipt_TOS
ipt_REJECT
ipt_TCPMSS
ipt_tcpmss
ipt_ttl
ipt_LOG
ipt_length
ip_conntrack
ip_conntrack_ftp
ip_conntrack_irc
ipt_conntrack
ipt_state
ipt_helper
iptable_nat
ip_nat_ftp
ip_nat_irc
I find it hard to configure IP tables for firewall, can I find already made scripts anywhere?
View 1 Replies View RelatedI temporarily enabled and activated Plesk firewall module (which I wish I didn't the first time) and for some reason it seems to have overwritten the default iptables configuration that was set, leaving my ftp unable to be logged into. I tried to disable the firewall module and reboot the server. It didn't work.
I also noticed that it somehow seem to have changed my hostname to my previous server hostname as well
Is there any way to completely revert back to original iptables settings before enabling the Firewall module?
I'm in the process of installing PPA on infrastructure running Parallels Cloud Server. Each container has 2 interfaces, one public facing and a private interface for inter-server communication.
No problems installing PPA 11.5 (specifying IP's on commandline) or adding service nodes however, the firewall rules the documentation speaks of are nowhere to be seen? i.e.:
Important: After the installation, PPA creates the special firewall chain PPA-SN-Rules-INPUT used for communication with service nodes. Do not change it, otherwise, you will not be able to add service nodes to PPA.Click to expand...
Has this been dropped from PPA 11.5 ? (I recall seeing the firewall settings in 11.1) There is also no sign of the ppa.firewall tool that is also mentioned.
The only rule I see inserted is for Postgres on the management node, and 2 for pleskd on all of the nodes (open to world!).
I execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and setup to there optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux); in our opinion we see it as an extra administration overhead. If this is however untrue, we will change out thinking.
I've found a dedicated server at a great price and plan to stick with it, my first ( already have 2 vps accounts ). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.
Does anyone think this would be better than the default windows 2003 firewall?
It possible to disable the disable function for all user expect one account for running few application i need shell_exec, passthru, exec these so for other account it possible to disable it?
View 2 Replies View Relatedsuppose that i am a costumer. is it possible to see disabled function in php.ini?
(using any script)
How can figure out which functions are active on my server?
I have root access and the server is Linux.
I want to know wheather the function "fsockopen" is open or not.
Fatal error: Call to undefined function: curl_init() in /home/user/public_html/news/include/function.php on line 1526
how to fix this.??
thanks
NB: My server info
Centos
apache1
my php -v give :
Code:
php -v
PHP 4.4.7 (cli) (built: Jul 27 2007 18:31:31)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
with the ionCube PHP Loader v3.1.31, Copyright (c) 2002-2007, by ionCube Ltd., and
with Zend Extension Manager v1.2.0, Copyright (c) 2003-2007, by Zend Technologies
with Suhosin v0.9.20, Copyright (c) 2002-2006, by Hardened-PHP Project
with Zend Optimizer v3.3.0, Copyright (c) 1998-2007, by Zend Technologies
I got this warning message from a script I was working on to read XML feeds.
Warning: file_get_contents(url) [function.file-get-contents]: failed to open stream: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. in C:Apache2.2htdocs est5.php on line 8
but when i run the url itself, it works fine.
i already set allow_url_fopen = On
I am starting to webhosting company in it I have included a package will be free and add supported and also I want to disable some functions like mail() ..........I mean I want to disable SMTP services anyone have idea how can I do that.
View 14 Replies View RelatedCan anyone tell me in order to use the crypt function (amd md5sum) in a c++ program (g++ on CentOS assuming the cryptography libary is installed) what do I have to
#include
?
I got PHP working. But some of the Ajax functions it not working.
For example:
in wordpress admin, i can only use HTML mode to start a new post. I cant switch to VISUAL mode. And it was working before though.
What option do i need to compile PHP with to make it work?
Right now i have:
Quote:
'./configure' '--prefix=/opt/lsws/lsphp4' '--with-litespeed' '--with-mysql' '--with-gd' '--enable-shmop' '--enable-track-vars' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-magic-quotes' '--enable-mbstring' '--without-pear' '--with-bz2' '--with-curl' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-pspell' '--with-expat-dir=/usr' '--with-pcre-regex=/usr' '--with-zlib'
the php mail function not work on my server!
when I run this function not show any error too.
for example I run this code:
<?php
echo "ok";
$to = 'myemail@mydomain.com';
$subject = 'the subject';
$message = 'hello';
$headers = 'From: test@domainname.com' . "
" .
'Reply-To:test@test@domainname.com' . "
" .
'X-Mailer: PHP/' . phpversion();
if(mail($to, $subject, $message, $headers)){
echo "sent";
}else{
echo "notsent";
}
?>
I have just changed servers and uploaded a mail() script which was working on my previous config but does not work on the new server config. What is stopping the emails from being delivered, is there something new in WHM that I need to do?
Here are my WHM and cPanel details:
WHM 11.11.0 cPanel 11.15.0-R18264
REDHAT 4 i686 on standard - WHM X v3.1.0
I just re-installed PHP4, Apache, and MySQL and now the "mail" function in PHP will not work. Is there a way to correct this? Is there some configuration value in Apache or PHP I must change?
View 2 Replies View RelatedI have mixed feelings on the mail() function in php. I've seen it send out amazing numbers of emails and yet I keep reading that it is prone to problems. I'm wondering if someone can put an approximation on what you could/would send out in say 60 seconds. I know that there are tonnes of variables, so i'll try and remove a few:
- server hardware is typical of a cpanel/WHM shared hosting environment
- running apache/linux
- email is say 20kb HTML format
- mail is sent in a php script loop, one by one; alternatively, mail() could be called in clusters of x emails - like send 5 emails at once
- there are 400 recipients
Ive searched google and this forum for hours and have not found any solution to this below error on a site of mine.
I am using php 5.2
Warning: include() [function.include]: URL file-access is disabled in the server configuration in /home/comosabe/public_html/footer.php on line 5
We setup a new server and we're trying to use virtual() function to work with a certain script that requires it.
We already tried several ways to make it work. But at this moment, we only could make it work on PHP 4 with DSO.
how to know if mail() function is enabled or disabled on my server? how to enable/disable it?
can it be done via server control panel or is there a shell command for it?
one more thing, where to get/edit the SMTP data for my server?
I used the mail function in php to send mails to my 25000 members in a loop..
After using it my server has gone very slow.. Load has increased a lot from 2 to around 20.. Major load is taken by sql and then httpd (both have increased)..
I had restarted mysql and httpd.. even reinstalled apache but no help..
