I think the firewall keeps shutting off

billyf · October 2, 2019, 1:35am

In the web panel I dont see any ports or anything. I then turn the firewall on and i see all the rules but then I go later on and it looks like its off and I then have to turn it on again. I am on ver. 1.9 Any ideas ?

asheboro · October 2, 2019, 5:01am

I noticed the same thing happening on mine (also 1.9, ran the updater yesterday). When I try to turn it on, it flashes the rules on the page for a split second, too fast to tell what you’re looking at if you haven’t seen them before, and then it stays disabled.

tommass123 · October 3, 2019, 3:45pm

I have the same problem, any solutions?

szab · October 3, 2019, 5:43pm

uninstall csf

asheboro · October 4, 2019, 2:02am

Good point. I forgot CSF was there.

billyf · October 4, 2019, 3:28pm

CSF is not installed.

billyf · October 10, 2019, 6:12pm

something is wrong and I bet a lot of people dont even realize it. When I checked the status of it this is what I got.

[root@ ~]# systemctl status firewalld

firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Thu 2019-10-10 14:07:43 EDT; 56s ago
Docs: man:firewalld(1)
Process: 8993 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 8993 (code=exited, status=0/SUCCESS)

Oct 10 14:07:43 systemd[1]: Starting firewalld - dynamic firewall daemon…
Oct 10 14:07:43 systemd[1]: Started firewalld - dynamic firewall daemon.
Oct 10 14:07:43 firewalld[8993]: WARNING: ipset not usable, disabling ipset usage in firewall.
Oct 10 14:07:43 firewalld[8993]: ERROR: Failed to load nf_conntrack module: modprobe: ERROR: could not find module by name=‘nf_conntrack’
modprobe: ERROR: could not insert ‘nf_conntrack’: Function not implemented
modprobe: ERROR: Error running install command for nf_conntrack…
Oct 10 14:07:43 firewalld[8993]: ERROR: Raising SystemExit in run_server

whattheserver · October 11, 2019, 10:23am

is this an openvz based VPS? if so it is probably missing that kernel module and support.

You are going to want to look into a KVM based VPS which has full support ideally for best results and security. Openvz tends to be oversold and also limits your ability to run things like this which need custom kernel modules.

billyf · October 18, 2019, 4:44pm

That can’t be right. It was working fine in another version. So why was it working on the same vps no issues with firewall until a newer version I believe it was 1.8 is when firewall started going crazy

whattheserver · October 18, 2019, 6:51pm

well backup your csf.conf uninstall and reinstall it again would be my recommendation if your sure it works. This issue has nothing to do with Cyberpanel it has to either do with the OPenVZ virtualization missing the kernel modules CSF needs to work or CSF is broken.

also maybe check and ensure those modules are still loaded and haven’t changed
https://serverfault.daytorrents.com/questions/985302/firwalld-on-vps-without-nf-conntrack-kernel-module