Fli
06-28-2013, 12:53 AM
To install the well-known Linux software firewall CSF (Config Server Firewall), use this manual (http://internetlifeforum.com/security-protection/462-tutorial-installing-csf-config-server-firewall-linux/) (open in a new window). However, you will probably get some errors, so to finish the installation properly:
Do this on the root server (the host machine, not the VPS):
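# Load the netfilter modules on the root server (the host), as root.
# The names are the original list with the repeated entries removed; loading a
# module that is already loaded changes nothing, so the repeats were redundant.
# modprobe only affects the running kernel: nothing here makes the modules load
# again after the host reboots, so re-check with csftest.pl after a reboot.
failed=""
for mod in \
  iptables_module ipt_helper ipt_REDIRECT ipt_TCPMSS ipt_LOG ipt_TOS \
  iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_tos iptable_filter \
  ipt_ttl ipt_SAME ipt_REJECT ipt_owner ip_tables ipt_MASQUERADE \
  ipt_multiport xt_multiport ipt_state xt_state ipt_limit xt_limit \
  ipt_recent xt_connlimit xt_owner ipt_DNAT
do
  # One module name per call; keep going so every missing name is collected.
  modprobe "$mod" || failed="$failed $mod"
done
# Summarise what did not load instead of leaving it scattered in the scrollback.
if [ -n "$failed" ]; then
  printf 'modules not loaded:%s\n' "$failed" >&2
fi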
Instead of:
# Failing form, kept for comparison only - do not run this list.
# A line such as "modprobe ipt_state/xt_state" passes the whole word, slash
# included, as one module name, which is why these lines fail.
modprobe iptables_module
modprobe ipt_helper
modprobe ipt_REDIRECT
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_SAME
modprobe ipt_REJECT
modprobe ipt_helper
modprobe ipt_owner
modprobe ip_tables
modprobe ipt_MASQUERADE
# The slash-joined names below are the ones that have to be split in two.
modprobe ipt_multiport/xt_multiport
modprobe ipt_state/xt_state
modprobe ipt_limit/xt_limit
modprobe ipt_recent
modprobe xt_connlimit
modprobe ipt_owner/xt_owner
modprobe iptable_nat/ipt_DNAT
modprobe iptable_nat/ipt_REDIRECT
The names must be written without slashes (/). The slashes caused the failure, because a module name has no slashes and the whole word is taken as one name. ipt_multiport/xt_multiport probably means two modules..?
ISSUE
The validation script, perl /etc/csf/csftest.pl (executed from the VPS), can return one error:
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: Unknown error 18446744073709551615] - Required for csf to function
SOLVING
For anyone reading this: if it failed for you too, repeat the process, but instead of the whole modprobe block, run only these remaining commands:
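# Remaining modules only: the slash-joined names split into one name per call.
# Run as root on the root server (the host). iptable_nat appeared twice in the
# original list; one load is enough.
# modprobe only affects the running kernel, so this does not survive a reboot
# of the host.
failed=""
for mod in \
  ipt_multiport xt_multiport ipt_state xt_state ipt_limit xt_limit \
  ipt_recent xt_connlimit ipt_owner xt_owner iptable_nat ipt_DNAT \
  ipt_REDIRECT
do
  # Keep going after a failure so every missing name is collected.
  modprobe "$mod" || failed="$failed $mod"
done
# Name whatever is still missing before re-running csftest.pl in the VPS.
if [ -n "$failed" ]; then
  printf 'modules not loaded:%s\n' "$failed" >&2
fi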
That helped to run perl /etc/csf/csftest.pl without any error.
Here is how to make the above iptables modules available inside a virtual machine (container) under OpenVZ VPS virtualisation:
# CTID is a placeholder for the ID of the container being changed.
# --netfilter full allows the container every netfilter module, NAT included;
# "man vzctl" lists the narrower levels (disabled, stateless, stateful), so
# pick the lowest one that still lets csftest.pl pass.
# --save keeps the setting in the container's configuration; --setmode restart
# restarts a running container when the change needs a restart to take effect.
vzctl set CTID \
  --netfilter full \
  --save \
  --setmode restart
(consider --netfilter stateful instead, which gives the container fewer modules than full; read "man vzctl")
Do this on the root server (the host machine, not the VPS):
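# Load the netfilter modules on the root server (the host), as root.
# The names are the original list with the repeated entries removed; loading a
# module that is already loaded changes nothing, so the repeats were redundant.
# modprobe only affects the running kernel: nothing here makes the modules load
# again after the host reboots, so re-check with csftest.pl after a reboot.
failed=""
for mod in \
  iptables_module ipt_helper ipt_REDIRECT ipt_TCPMSS ipt_LOG ipt_TOS \
  iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_tos iptable_filter \
  ipt_ttl ipt_SAME ipt_REJECT ipt_owner ip_tables ipt_MASQUERADE \
  ipt_multiport xt_multiport ipt_state xt_state ipt_limit xt_limit \
  ipt_recent xt_connlimit xt_owner ipt_DNAT
do
  # One module name per call; keep going so every missing name is collected.
  modprobe "$mod" || failed="$failed $mod"
done
# Summarise what did not load instead of leaving it scattered in the scrollback.
if [ -n "$failed" ]; then
  printf 'modules not loaded:%s\n' "$failed" >&2
fi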
Instead of:
# Failing form, kept for comparison only - do not run this list.
# A line such as "modprobe ipt_state/xt_state" passes the whole word, slash
# included, as one module name, which is why these lines fail.
modprobe iptables_module
modprobe ipt_helper
modprobe ipt_REDIRECT
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_SAME
modprobe ipt_REJECT
modprobe ipt_helper
modprobe ipt_owner
modprobe ip_tables
modprobe ipt_MASQUERADE
# The slash-joined names below are the ones that have to be split in two.
modprobe ipt_multiport/xt_multiport
modprobe ipt_state/xt_state
modprobe ipt_limit/xt_limit
modprobe ipt_recent
modprobe xt_connlimit
modprobe ipt_owner/xt_owner
modprobe iptable_nat/ipt_DNAT
modprobe iptable_nat/ipt_REDIRECT
The names must be written without slashes (/). The slashes caused the failure, because a module name has no slashes and the whole word is taken as one name. ipt_multiport/xt_multiport probably means two modules..?
ISSUE
The validation script, perl /etc/csf/csftest.pl (executed from the VPS), can return one error:
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: Unknown error 18446744073709551615] - Required for csf to function
SOLVING
For anyone reading this: if it failed for you too, repeat the process, but instead of the whole modprobe block, run only these remaining commands:
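# Remaining modules only: the slash-joined names split into one name per call.
# Run as root on the root server (the host). iptable_nat appeared twice in the
# original list; one load is enough.
# modprobe only affects the running kernel, so this does not survive a reboot
# of the host.
failed=""
for mod in \
  ipt_multiport xt_multiport ipt_state xt_state ipt_limit xt_limit \
  ipt_recent xt_connlimit ipt_owner xt_owner iptable_nat ipt_DNAT \
  ipt_REDIRECT
do
  # Keep going after a failure so every missing name is collected.
  modprobe "$mod" || failed="$failed $mod"
done
# Name whatever is still missing before re-running csftest.pl in the VPS.
if [ -n "$failed" ]; then
  printf 'modules not loaded:%s\n' "$failed" >&2
fi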
That helped to run perl /etc/csf/csftest.pl without any error.
Here is how to make the above iptables modules available inside a virtual machine (container) under OpenVZ VPS virtualisation:
# CTID is a placeholder for the ID of the container being changed.
# --netfilter full allows the container every netfilter module, NAT included;
# "man vzctl" lists the narrower levels (disabled, stateless, stateful), so
# pick the lowest one that still lets csftest.pl pass.
# --save keeps the setting in the container's configuration; --setmode restart
# restarts a running container when the change needs a restart to take effect.
vzctl set CTID \
  --netfilter full \
  --save \
  --setmode restart
(consider --netfilter stateful instead, which gives the container fewer modules than full; read "man vzctl")