CSF (ConfigServer Firewall) Issues

Hello All,

Sorry if this is the wrong place to post. Has anyone managed to install CSF (ConfigServer Firewall) on Tumbleweed? The installation appears to be successful, but I am unable to run the application when I run ‘systemctl start csf’. Is it even compatible?

Thanks!

Welcome to openSUSE Forums. I know nothing about CSF, but to start with…

Any error messages?

sudo systemctl status csf

I assume firewalld is not active?

sudo systemctl status firewalld

Hi deano_ferrari,

Thanks for the reply.

Firewalld is not active -


systemctl status firewalld
firewalld.service
Loaded: masked (/dev/null; masked)
Active: inactive (dead)

This is the current status of CSF -


sudo systemctl status csf
csf.service - ConfiguServer Firewall & Security - csf
Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor present: disabled)
Active: inactive (dead)

When I try to start the service -


systemctl start csf
Job for csf.service failed because the control process exited with error code.
See "systemctl status csf.service" and "journalctl -xe" for details.


systemctl status csf.service
csf.service - ConfigServer Firewall & Security - csf
   Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2018-10-04 13:57:44 AEST; 7min ago
  Process: 2024 ExecStart=/usr/sbin/csf --initup (code=exited, status=2)
 Main PID: 2024 (code=exited, status=2)

Oct 04 13:57:43 SERVER systemd[1]: Starting ConfigServer Firewall & Security - csf...
Oct 04 13:57:44 SERVER csf[2024]: *Error* The path to iptables is either not set or incorrect for IPTABLES [/sbin/ip6tables] in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/Sanity.pm line 36.
Oct 04 13:57:44 SERVER csf[2024]: Compilation failed in require at /usr/sbin/csf line 22.
Oct 04 13:57:44 SERVER csf[2024]: BEGIN failed--compilation aborted at /usr/sbin/csf line 22.
Oct 04 13:57:44 SERVER systemd[1]: csf.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Oct 04 13:57:44 SERVER systemd[1]: csf.service: Failed with result 'exit-code'.
Oct 04 13:57:44 SERVER systemd[1]: Failed to start ConfigServer Firewall & Security - csf.

I can now see what the issue is, but I am not sure how to resolve it.

Any ideas? I know this works on Leap and OpenSuse 13.*


Oct 04 13:57:44 SERVER csf[2024]: *Error* The path to iptables is either not set or incorrect for IPTABLES [/sbin/ip6tables] in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/Sanity.pm line 36.

The ip6tables utility is located in /usr/sbin/ directory. Set that in /etc/csf/csf.conf accordingly.

and there were compilation errors…

Oct 04 13:57:44 SERVER csf[2024]: Compilation failed in require at /usr/sbin/csf line 22.
Oct 04 13:57:44 SERVER csf[2024]: BEGIN failed--compilation aborted at /usr/sbin/csf line 22.
Oct 04 13:57:44 SERVER systemd[1]: csf.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Oct 04 13:57:44 SERVER systemd[1]: csf.service: Failed with result 'exit-code'.
Oct 04 13:57:44 SERVER systemd[1]: Failed to start ConfigServer Firewall & Security - csf.

For that you’re probably best advised to get support from the CSF forum
https://www.configserver.com/support.html

Hi deano_ferrari,

I just found that myself!

Thanks very much for your help. After updating the csf.conf file it is now running normally.

One additional thing that I noticed is that it still uses ifconfig and netstat. I will install the net-tool-deprecated just to be safe until they release a new version.

Thanks.

Good to read of your success with this.

One question though - Any particular reason why you prefer this particular firewall implementation?

I really like it’s Webmin implementation and find it very easy to use and configure (normally!)

We don’t do anything overly complicated with firewalls in here, so it suits our needs.

Thanks for your answer. :slight_smile:

I am actually very happy to hear that this is working –

I’m a pfSense user and I’ve been wanting to implement a Linux Distro as an edge firewall/router for my homelab so I can use newer Linux kernel technologies like BPF, VPP, and DPDK on my 10Gbps network

OpenSUSE TW AFAIK is the only distro with BPF installed out of the box. The only thing is, I wasn’t sure if the switch from firewalld to iptables rules would work for csf

I like a simple to use web interface for firewall/router as I don’t have a whole lot of time to troubleshoot routing issues, I just need something that works since I have other users that will be very mad if the internet is down too long.

But obviously I’d like to do a little experimentation! I was thinking TW would be OK for a router as long as I run it as a VM and take system snapshots religiously before any updates or config changes (snapper is great, too)

Webmin firewalld interface is OK, but csf looks a lot better.

OP - have you had any issues with your csf setup on TW so far? Any potential issues I should know about?