LetHostTalk
Issue with CSF firewall - General Talks Discussions on LetsHostTalk - Web Hosting Forum — LetsHostTalk - Web Hosting Forum
HostNamaste

Issue with CSF firewall

When I tried to restart CSF on my cPanel server, I am getting below message.

====
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 22 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 25 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 37 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 43 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 53 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 80 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 110 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 113 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 443 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 587 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 873 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 993 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 995 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 2086 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 2087 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 2089 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3089]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW --dport 2703 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3111]
Command:[/sbin/iptables --wait -v -A INPUT ! -i lo -p udp -m conntrack --ctstate NEW --dport 20 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3111]
Command:[/sbin/iptables --wait -v -A INPUT ! -i lo -p udp -m conntrack --ctstate NEW --dport 21 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3111]
Command:[/sbin/iptables --wait -v -A INPUT ! -i lo -p udp -m conntrack --ctstate NEW --dport 53 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3111]
Command:[/sbin/iptables --wait -v -A INPUT ! -i lo -p udp -m conntrack --ctstate NEW --dport 80 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3111]
Command:[/sbin/iptables --wait -v -A INPUT ! -i lo -p udp -m conntrack --ctstate NEW --dport 443 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3133]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p udp -m conntrack --ctstate NEW --dport 20 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3133]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p udp -m conntrack --ctstate NEW --dport 21 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3133]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p udp -m conntrack --ctstate NEW --dport 53 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3133]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p udp -m conntrack --ctstate NEW --dport 113 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3133]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p udp -m conntrack --ctstate NEW --dport 123 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3133]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p udp -m conntrack --ctstate NEW --dport 873 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3133]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p udp -m conntrack --ctstate NEW --dport 6277 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]
You should check through the main output carefully

ERROR line:[3133]
Command:[/sbin/iptables --wait -v -A OUTPUT ! -o lo -p udp -m conntrack --ctstate NEW --dport 24441 -j ACCEPT]
Error:[iptables: No chain/target/match by that name.]

Can anyone help me how to solve this issue?

Comments

  • pingservpingserv Member, Provider
    Hello,

    That suggests you are missing the required iptables owner module in the kernel you are running. You need to either resolve that issue,or disable the SMTP_BLOCK option in csf.

    Are you used KVM or openvz6 or openvz 7. virtualization method?

  • It's openvz 6
  • farbytefarbyte Member, Provider
    I agree with @pingserv. It looks like required kernel module/s are not loaded on the host server (e.g. conntrack).
    If you administer the OpenVZ host server, you'll need to make sure the modules are loaded, however, if the host server is owned by somebody else, you'll need to contact them & ask for the modules to be loaded on the host. 
Sign In or Register to comment.
                                                               HostNamaste