Fli
04-27-2014, 09:48 AM
Service iptables start command returning:
iptables: Applying firewall rules: iptables-restore: line 44 failed
Please scroll down this post; there is a simple solution right at the bottom. <<<<
------
So I did a flush and reinstall of iptables:
# iptables -F
# yum reinstall iptables
This did not help.
So I checked my OpenVZ VPS config file on the host node (/etc/vz/conf/860.conf) and it contains some rules:
IPTABLES="ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl
ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ipt_state iptable_nat ip_nat_ftp ipt_recent ipt_owner"
So I restarted the VPS:
vzctl restart 860
Then I entered the VM:
# vzctl enter 860
entered into CT 860
service iptables status
Table: mangle
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
....various rules here.....
# service iptables stop
iptables: Setting chains to policy ACCEPT: mangle filter na[ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
# service iptables start
iptables: Applying firewall rules: iptables-restore: line 44 failed
[FAILED]
Does anyone know how to find the issue, please?
At line 44 in /etc/sysconfig/iptables there were some rules inputted by cPanel:
:cP-Firewall-1-INPUT - [0:0]
...
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
...
When uninstalling CSF:
You have an unresolved error when starting csf:
Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '] failed, you appear to be missing a required iptables module, at line 617 in /usr/sbin/csf
============
I installed the APF firewall (google: apf centos vps install) and I realised that iptables is somehow running, although /etc/csf/csftest.pl still returns errors :(
The cause was that the iptables modules were not loaded on the host OpenVZ server (modprobe modulename) (http://internetlifeforum.com/security-protection/461-csf-iptables-module-list-modprobe-ipt_owner-xt_owner-bad-module-fix/)
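The cause named in the post is iptables modules missing on the host node. As an added example (not part of the original post), this script reports which rules in an iptables-save style file need a module that is absent from a given IPTABLES="..." list. The `ipt_<name>` mapping (taken from the naming in the config line quoted in the post), the function names and the sample file are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. Assumption: "-m state" / "-j LOG" map to modules "ipt_state" /
# "ipt_LOG", the naming used in the container's IPTABLES="..." line.

# missing_modules RULES_FILE "MODULE LIST"
# Prints "<file line>: <module>" for each rule needing a module not in the list.
missing_modules() {
    # The list may be wrapped over several lines; flatten it to one.
    list=$(printf '%s' "$2" | tr '\n\t' '  ')
    awk -v allowed=" $list " '
        BEGIN {
            # Protocol matches and built-in verdicts need no ipt_* entry.
            n = split("tcp udp icmp ACCEPT DROP RETURN QUEUE", b, " ")
            for (k = 1; k <= n; k++) skip[b[k]] = 1
        }
        # ":CHAIN policy [pkts:bytes]" declares a chain; a jump to it needs no module.
        /^:/ { chains[substr($1, 2)] = 1; next }
        /^-A / {
            for (i = 1; i < NF; i++) {
                if ($i != "-m" && $i != "-j") continue
                ext = $(i + 1)
                if ((ext in skip) || (ext in chains)) continue
                if (index(allowed, " ipt_" ext " ") == 0) print NR ": ipt_" ext
            }
        }
    ' "$1"
}

# Constructed sample in iptables-save format, reusing rules quoted in the post.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:cP-Firewall-1-INPUT - [0:0]
:LOGDROPIN - [0:0]
-A INPUT -j cP-Firewall-1-INPUT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT
-A LOGDROPIN -p tcp -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '
COMMIT
EOF
}

tmp=$(mktemp) && sample_rules > "$tmp"
# Module list constructed for the demo: ipt_limit and ipt_LOG are left out on purpose.
missing_modules "$tmp" "ip_tables iptable_filter ipt_state ipt_REJECT"
rm -f "$tmp"
```

The line numbers printed are positions in the rules file, so they can be compared with the line that iptables-restore reports as failed.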