I think the firewall keeps shutting off

bi

billyf Oct 02, 2019 #1

In the web panel I dont see any ports or anything. I then turn the firewall on and i see all the rules but then I go later on and it looks like its off and I then have to turn it on again. I am on ver. 1.9 Any ideas ?

as

asheboro Oct 02, 2019 #2

I noticed the same thing happening on mine (also 1.9, ran the updater yesterday). When I try to turn it on, it flashes the rules on the page for a split second, too fast to tell what you’re looking at if you haven’t seen them before, and then it stays disabled.

to

tommass123 Oct 03, 2019 #3

I have the same problem, any solutions?

sz

szab Oct 03, 2019 #4

uninstall csf

as

asheboro Oct 04, 2019 #5

Good point. I forgot CSF was there.

bi

billyf Oct 04, 2019 #6

CSF is not installed.

bi

billyf Oct 10, 2019 #7

something is wrong and I bet a lot of people dont even realize it. When I checked the status of it this is what I got.

[root@ ~]# systemctl status firewalld

firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Thu 2019-10-10 14:07:43 EDT; 56s ago
Docs: man:firewalld(1)
Process: 8993 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 8993 (code=exited, status=0/SUCCESS)

Oct 10 14:07:43 systemd[1]: Starting firewalld - dynamic firewall daemon…
Oct 10 14:07:43 systemd[1]: Started firewalld - dynamic firewall daemon.
Oct 10 14:07:43 firewalld[8993]: WARNING: ipset not usable, disabling ipset usage in firewall.
Oct 10 14:07:43 firewalld[8993]: ERROR: Failed to load nf_conntrack module: modprobe: ERROR: could not find module by name=‘nf_conntrack’
modprobe: ERROR: could not insert ‘nf_conntrack’: Function not implemented
modprobe: ERROR: Error running install command for nf_conntrack…
Oct 10 14:07:43 firewalld[8993]: ERROR: Raising SystemExit in run_server

wh

whattheserver Oct 11, 2019 #8

is this an openvz based VPS? if so it is probably missing that kernel module and support.

You are going to want to look into a KVM based VPS which has full support ideally for best results and security. Openvz tends to be oversold and also limits your ability to run things like this which need custom kernel modules.

bi

billyf Oct 18, 2019 #9

That can’t be right. It was working fine in another version. So why was it working on the same vps no issues with firewall until a newer version I believe it was 1.8 is when firewall started going crazy

wh

whattheserver Oct 18, 2019 #10

well backup your csf.conf uninstall and reinstall it again would be my recommendation if your sure it works. This issue has nothing to do with Cyberpanel it has to either do with the OPenVZ virtualization missing the kernel modules CSF needs to work or CSF is broken.

also maybe check and ensure those modules are still loaded and haven’t changed
https://serverfault.daytorrents.com/questions/985302/firwalld-on-vps-without-nf-conntrack-kernel-module