In general, csf works well with cPanel servers. On a VPS (OpenVZ or Virtuozzo), however, the csf configuration is somewhat different.
Sometimes you may get an error like the following after installing csf on a VPS:
Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '] failed, at line 196
To resolve this issue, proceed as follows.
There are two steps to configuring csf on a VPS.
i) Main VPS server configuration
Before starting the csf installation in a node, log in to the main server (host server) and check whether the following modules are inserted into the kernel
You can check this as follows:
# lsmod |grep -i <module-name>
If not, insert these modules into the kernel.
eg: modprobe ipt_conntrack
Now add these modules to the iptables configuration as follows.
# vi /etc/sysconfig/iptables-config
Add the following in this file
IPTABLES_MODULES="ipt_conntrack ipt_LOG ipt_owner ipt_state ip_conntrack_ftp"
Now edit the VPS configuration file under /etc/sysconfig/vz-scripts/. Assuming 101 is the VEID, add the modules inserted above to the IPTABLES section of this configuration file.
# vi /etc/sysconfig/vz-scripts/101.conf
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ipt_state iptable_nat ip_nat_ftp ipt_owner ip_conntrack_ftp"
This completes the main VPS server configuration. Now restart the child node (not the main server) as follows:
# vzctl restart <veid>
eg: vzctl restart 101
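An added example, not part of the original post: a script for the host node that reads IPTABLES_MODULES from the iptables config and prints every listed module that is not loaded, using an exact name match instead of a grep substring match. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list the modules named in
# IPTABLES_MODULES that are not loaded on the host node.

# Print the names inside IPTABLES_MODULES="..." from FILE, one per line.
modules_from_config() {
    sed -n 's/^IPTABLES_MODULES="\([^"]*\)".*/\1/p' "$1" | tr -s ' ' '\n'
}

# Succeed if module NAME is the first column of a line in FILE
# (/proc/modules format). Exact match, unlike "lsmod | grep -i".
is_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# missing_modules CONFIG LOADED: print configured modules absent from LOADED.
missing_modules() {
    modules_from_config "$1" | while read -r m; do
        [ -n "$m" ] || continue
        is_loaded "$m" "$2" || printf '%s\n' "$m"
    done
}

# Constructed sample data so the script runs anywhere; on a real host node
# pass /etc/sysconfig/iptables-config and /proc/modules instead.
tmp=$(mktemp -d)
cat > "$tmp/iptables-config" <<'EOF'
IPTABLES_MODULES="ipt_conntrack ipt_LOG ipt_owner ipt_state ip_conntrack_ftp"
EOF
cat > "$tmp/modules" <<'EOF'
ip_conntrack_ftp 41361 0 - Live 0x00000000
ip_conntrack 91621 2 ipt_state,ip_conntrack_ftp, Live 0x00000000
ipt_state 34777 4 - Live 0x00000000
ipt_owner 34881 0 - Live 0x00000000
EOF

echo "Not loaded on the host:"
missing_modules "$tmp/iptables-config" "$tmp/modules"
rm -rf "$tmp"
```

With the constructed sample, the script reports ipt_conntrack and ipt_LOG as not loaded.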
ii) VPS node configuration
Now SSH into your child VPS node.
Now download and install csf. You can download csf from here
Before restarting csf, make the following configuration changes. Edit the file /etc/csf/csf.conf and set the following variables:
ETH_DEVICE = "venet0" # the network device, as shown by ifconfig
MONOLITHIC_KERNEL = "1"
VERBOSE = "0" # disables the verbose output during start
Now start csf and lfd.
Note: If it is a cPanel server, go to WHM and configure the firewall settings.