Fli
01-07-2016, 11:01 AM
I have an OpenVZ VPS with CentOS 7 on it.
ConfigServer Firewall errors after executing the test script (perl /etc/csf/csftest.pl):
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: No chain/target/match by that name.] - Required for csf to function
Testing xt_connlimit...FAILED [Error: iptables: No chain/target/match by that name.] - Required for CONNLIMIT feature
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...FAILED [Error: iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for csf.redirect feature
--- FAILED/NO IPTABLES ---
# service iptables status
Redirecting to /bin/systemctl status iptables.service
iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled)
Active: failed (Result: exit-code) since Wed 2016-01-06 22:06:09 EST; 6h ago
Main PID: 111 (code=exited, status=1/FAILURE)
Jan 06 22:06:09 vcuglsfh systemd[1]: Starting IPv4 firewall with iptables...
Jan 06 22:06:09 vcuglsfh iptables.init[111]: iptables: Applying firewall rules: iptables-restore: line 14 failed
Jan 06 22:06:09 vcuglsfh iptables.init[111]: [FAILED]
Jan 06 22:06:09 vcuglsfh systemd[1]: iptables.service: main process exited, code=exited, status=1/FAILURE
Jan 06 22:06:09 vcuglsfh systemd[1]: Failed to start IPv4 firewall with iptables.
Jan 06 22:06:09 vcuglsfh systemd[1]: Unit iptables.service entered failed state.
# cat /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
What worked was to revert to iptables instead of firewalld (the replacement for iptables on RHEL 7?):
systemctl disable firewalld && systemctl stop firewalld
yum -y install iptables-services
systemctl enable iptables && service iptables save && service iptables restart
The above command "service iptables save" fixed the "iptables-restore: line 14 failed" problem.
perl /etc/csf/csftest.pl
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: No chain/target/match by that name.]
The error was still there. On the VPS host node (the server on which the virtual private server is hosted) I executed:
vzctl set VPSIDHERE --netfilter full --save --setmode restart
Then I entered the VPS and tried "perl /etc/csf/csftest.pl", but got the same failure. What got rid of the CSF/iptables module errors was restarting the VPS; after that the CSF/iptables errors were gone:
vzctl restart VPSIDHERE
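Added example, not part of the original post: iptables-restore hands each table to the kernel at its COMMIT line, and in the file shown above line 14 is COMMIT, so "line 14 failed" does not name a single rule. The helper below (function names are hypothetical, the rules file is a constructed copy of the one in the post) lists the match and target extensions used in the table that the failing line belongs to, which can then be compared against the csftest.pl failures.

```shell
#!/usr/bin/env bash
# Constructed copy of the /etc/sysconfig/iptables shown in the post (14 lines).
sample_rules() {
cat <<'EOF'
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# explain_restore_failure LINE_NO  (rules file on stdin; hypothetical helper)
# COMMIT line: report every -m match and non-builtin -j target in that table.
# Rule line:   report only that rule's own extensions.
# Returns 1 if LINE_NO is past the end of the file.
explain_restore_failure() {
  awk -v n="$1" '
    function add(list, item) {   # append item once, keeping first-seen order
      return index(" " list " ", " " item " ") ? list : (list == "" ? item : list " " item)
    }
    /^\*/ { table = substr($0, 2); ms = ts = "" }   # start of a new table block
    {
      lm = lt = ""
      if ($1 == "-A" || $1 == "-I")
        for (i = 2; i < NF; i++) {
          if ($i == "-m") { lm = add(lm, $(i+1)); ms = add(ms, $(i+1)) }
          if ($i == "-j" && $(i+1) !~ /^(ACCEPT|DROP|RETURN)$/) {
            lt = add(lt, $(i+1)); ts = add(ts, $(i+1)) }
        }
    }
    NR == n {
      found = 1
      if ($0 == "COMMIT") printf "table=%s at=COMMIT matches=%s targets=%s\n", table, ms, ts
      else                printf "table=%s at=rule matches=%s targets=%s\n", table, lm, lt
    }
    END { if (!found) exit 1 }'
}

sample_rules | explain_restore_failure 14
```

For line 14 the helper reports the state match, the same extension csftest.pl flags as missing (ipt_state/xt_state) inside the container.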