Results 1 to 9 of 9

Thread: CSF (ConfigServer Firewall) Issues

  1. #1

    Question CSF (ConfigServer Firewall) Issues

    Hello All,

    Sorry if this is the wrong place to post. Has anyone managed to install CSF (ConfigServer Firewall) on Tumbleweed? The installation appears to be successful, but I am unable to run the application when I run 'systemctl start csf'. Is it even compatible?

    Thanks!

  2. #2
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,382
    Blog Entries
    1

    Default Re: CSF (ConfigServer Firewall) Issues

    Quote Originally Posted by LtBlamBlam View Post
    Hello All,

    Sorry if this is the wrong place to post. Has anyone managed to install CSF (ConfigServer Firewall) on Tumbleweed? The installation appears to be successful, but I am unable to run the application when I run 'systemctl start csf'. Is it even compatible?

    Thanks!
    Welcome to openSUSE Forums. I know nothing about CSF, but to start with...

    Any error messages?
    Code:
    sudo systemctl status csf
    I assume firewalld is not active?
    Code:
    sudo systemctl status firewalld
    openSUSE Leap 15.0; KDE Plasma 5

  3. #3

    Default Re: CSF (ConfigServer Firewall) Issues

    Hi deano_ferrari,

    Thanks for the reply.

    Firewalld is not active -

    Code:
    systemctl status firewalld
    firewalld.service
    Loaded: masked (/dev/null; masked)
    Active: inactive (dead)
    This is the current status of CSF -

    Code:
    sudo systemctl status csf
    csf.service - ConfiguServer Firewall & Security - csf
    Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor present: disabled)
    Active: inactive (dead)
    When I try to start the service -

    Code:
    systemctl start csf
    Job for csf.service failed because the control process exited with error code.
    See "systemctl status csf.service" and "journalctl -xe" for details.
    Code:
    systemctl status csf.service
    csf.service - ConfigServer Firewall & Security - csf
       Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: disabled)
       Active: failed (Result: exit-code) since Thu 2018-10-04 13:57:44 AEST; 7min ago
      Process: 2024 ExecStart=/usr/sbin/csf --initup (code=exited, status=2)
     Main PID: 2024 (code=exited, status=2)
    
    Oct 04 13:57:43 SERVER systemd[1]: Starting ConfigServer Firewall & Security - csf...
    Oct 04 13:57:44 SERVER csf[2024]: *Error* The path to iptables is either not set or incorrect for IPTABLES [/sbin/ip6tables] in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/Sanity.pm line 36.
    Oct 04 13:57:44 SERVER csf[2024]: Compilation failed in require at /usr/sbin/csf line 22.
    Oct 04 13:57:44 SERVER csf[2024]: BEGIN failed--compilation aborted at /usr/sbin/csf line 22.
    Oct 04 13:57:44 SERVER systemd[1]: csf.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
    Oct 04 13:57:44 SERVER systemd[1]: csf.service: Failed with result 'exit-code'.
    Oct 04 13:57:44 SERVER systemd[1]: Failed to start ConfigServer Firewall & Security - csf.
    I can now see what the issue is, but I am not sure how to resolve it.

    Any ideas? I know this works on Leap and OpenSuse 13.*

  4. #4
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,382
    Blog Entries
    1

    Default Re: CSF (ConfigServer Firewall) Issues

    Quote Originally Posted by LtBlamBlam View Post
    I can now see what the issue is, but I am not sure how to resolve it.
    Code:
    Oct 04 13:57:44 SERVER csf[2024]: *Error* The path to iptables is either not set or incorrect for IPTABLES [/sbin/ip6tables] in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/Sanity.pm line 36.
    The ip6tables utility is located in /usr/sbin/ directory. Set that in /etc/csf/csf.conf accordingly.

    and there were compilation errors...
    Code:
    Oct 04 13:57:44 SERVER csf[2024]: Compilation failed in require at /usr/sbin/csf line 22.
    Oct 04 13:57:44 SERVER csf[2024]: BEGIN failed--compilation aborted at /usr/sbin/csf line 22.
    Oct 04 13:57:44 SERVER systemd[1]: csf.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
    Oct 04 13:57:44 SERVER systemd[1]: csf.service: Failed with result 'exit-code'.
    Oct 04 13:57:44 SERVER systemd[1]: Failed to start ConfigServer Firewall & Security - csf.
    For that you're probably best advised to get support from the CSF forum
    https://www.configserver.com/support.html
    openSUSE Leap 15.0; KDE Plasma 5

  5. #5

    Default Re: CSF (ConfigServer Firewall) Issues

    Hi deano_ferrari,

    I just found that myself!

    Thanks very much for your help. After updating the csf.conf file it is now running normally.

    One additional thing that I noticed is that it still uses ifconfig and netstat. I will install the net-tool-deprecated just to be safe until they release a new version.

    Thanks.

  6. #6
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,382
    Blog Entries
    1

    Default Re: CSF (ConfigServer Firewall) Issues

    Quote Originally Posted by LtBlamBlam View Post
    Hi deano_ferrari,

    I just found that myself!

    Thanks very much for your help. After updating the csf.conf file it is now running normally.
    Good to read of your success with this.

    One question though - Any particular reason why you prefer this particular firewall implementation?
    openSUSE Leap 15.0; KDE Plasma 5

  7. #7

    Default Re: CSF (ConfigServer Firewall) Issues

    I really like it's Webmin implementation and find it very easy to use and configure (normally!)

    We don't do anything overly complicated with firewalls in here, so it suits our needs.

  8. #8
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,382
    Blog Entries
    1

    Default Re: CSF (ConfigServer Firewall) Issues

    Quote Originally Posted by LtBlamBlam View Post
    I really like it's Webmin implementation and find it very easy to use and configure (normally!)

    We don't do anything overly complicated with firewalls in here, so it suits our needs.
    Thanks for your answer.
    openSUSE Leap 15.0; KDE Plasma 5

  9. #9

    Default Re: CSF (ConfigServer Firewall) Issues

    I am actually very happy to hear that this is working --

    I'm a pfSense user and I've been wanting to implement a Linux Distro as an edge firewall/router for my homelab so I can use newer Linux kernel technologies like BPF, VPP, and DPDK on my 10Gbps network

    OpenSUSE TW AFAIK is the only distro with BPF installed out of the box. The only thing is, I wasn't sure if the switch from firewalld to iptables rules would work for csf

    I like a simple to use web interface for firewall/router as I don't have a whole lot of time to troubleshoot routing issues, I just need something that works since I have other users that will be very mad if the internet is down too long.

    But obviously I'd like to do a little experimentation! I was thinking TW would be OK for a router as long as I run it as a VM and take system snapshots religiously before any updates or config changes (snapper is great, too)

    Webmin firewalld interface is OK, but csf looks a lot better.

    OP - have you had any issues with your csf setup on TW so far? Any potential issues I should know about?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •