
Firewall activation error

msibley

When trying to set the firewall, upon clicking the Activate button, I get the following error:

Could not activate firewall configuration

safeact: /usr/local/psa/var/modules/firewall/firewall0new.sh failed:
iptables: No chain/target/match by that name

I'm running 7.5.4-fc2.build75050824.12

firewall 1.0.1
 
Originally posted by msibley
When trying to set the firewall, upon clicking the Activate button, I get the following error:

Could not activate firewall configuration

safeact: /usr/local/psa/var/modules/firewall/firewall0new.sh failed:
iptables: No chain/target/match by that name

I'm running 7.5.4-fc2.build75050824.12

firewall 1.0.1

What is your OS and Kernel version number? I had the same problem on RH9 Kernel 2.4.0.2

The problem was that this version of kernel does not truly support tables in IPTABLES. I am on a VPS and my provider (GoDaddy) says that their system does not support upgrading the kernel. To find exactly what won't work for you, open the file "firewall0new.sh" and, using the #/sbin/iptables command, enter each line of the script one at a time; then you can see exactly what lines are not compatible.
 
Redhat 2.4.20-021stab028.3.777-enterprise

It is also a godaddy VDS
 
Then you probably have the same problem I had. The following commands in the script will not work with the kernel version and iptables version that you have:

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A FORWARD -m state --state INVALID -j DROP

The iptables will not accept the "-m state --state" and "--syn" commands.

If you would like a copy of the firewall script that I use, I will send it to you in a private message. I do not want to post it here.
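
An added example, not part of the thread or of Plesk's own code: instead of entering each line by hand, this sketch lists the match modules and targets a firewall script uses and reports the ones the kernel does not advertise. It assumes the kernel exposes /proc/net/ip_tables_matches and /proc/net/ip_tables_targets; the function names and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): static check of a firewall script.

# Print "match:<name>" / "target:<name>" for each iptables line on stdin.
required_features() {
    awk '/^[ \t]*#/ { next }
    /iptables/ {
        for (i = 1; i <= NF; i++) {
            if ($i == "-m" && i < NF) print "match:" $(i + 1)
            if ($i == "--syn") print "match:tcp"   # --syn belongs to the tcp match
            if ($i == "-j" && i < NF && $(i + 1) !~ /^(ACCEPT|DROP|RETURN|QUEUE)$/)
                print "target:" $(i + 1)            # built-in verdicts need no module
        }
    }' | sort -u
}

# $1 = firewall script, $2 = list of available matches, $3 = list of targets.
# Prints every required feature that is absent from the matching list.
missing_features() {
    required_features < "$1" | while IFS=: read -r kind name; do
        case $kind in
            match)  list=$2 ;;
            target) list=$3 ;;
        esac
        grep -qxF -- "$name" "$list" || echo "$kind:$name"
    done
}

# Constructed sample: three rules quoted in the thread, checked against a
# made-up kernel that offers neither the state nor the tcp match.
demo() {
    d=$(mktemp -d)
    cat > "$d/fw.sh" <<'EOF'
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -P OUTPUT DROP
EOF
    printf 'udp\nicmp\n' > "$d/matches"       # constructed availability lists
    printf 'REJECT\nERROR\n' > "$d/targets"
    missing_features "$d/fw.sh" "$d/matches" "$d/targets"
    rm -rf "$d"
}
demo
```

On a real host the call would be `missing_features /usr/local/psa/var/modules/firewall/firewall0new.sh /proc/net/ip_tables_matches /proc/net/ip_tables_targets`. An entry can also be absent simply because its module has not been loaded yet, so treat the output as a list of lines to check rather than a final verdict.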
 
Re: Re: Firewall activation error

Originally posted by jwdick
What is your OS and Kernel version number? I had the same problem on RH9 Kernel 2.4.0.2

Is this the reason for:
===============
Could not activate firewall configuration:
safeact: /usr/local/psa/modules/firewall/firewall-new.sh failed:
iptables: Memory allocation problem.
===============
too? Incompatibility?
Linux 2.4.20-021stab028.18.777-enterprise (FedoraCore 2)
 
I cannot answer this as a definite since this is not the error message that I received, but I know that the psa-firewall is not compatible with Kernel 2.4.20

Check your boot.log to see if the psa-firewall is even enabled. I have the following message in my boot log:

Jan 7 14:18:56 domainname psa-firewall: psa-firewall: service is disabled
Jan 7 14:18:56 domainname rc: Starting psa-firewall: failed

I can send you a copy of the script that I use also. The script is 2500 characters and private messages limit the size to 1000 characters. You can send me your email address in a PM and I will forward you what I have that I know works.
 
Haha, it's disabled:
Jan 9 03:09:17 psa-firewall: psa-firewall: service is disabled
Jan 9 03:09:17 rc: Starting psa-firewall: failed
So, how do I enable it?
 
It just said the service is disabled when I tried to start it..... Maybe my hosting disabled the module? Which is a bit stupid seeing that the module is visible in Plesk lol
 
I think it is probably disabled because the psa-firewall is not compatible with your kernel version.
 
PedestersPlanet, may I ask what hosting service you are on? Godaddy?
 
I would definitely go with a more robust firewall config than that offered by plesk. We tried it for a while but were having problems with it loading the correct set of rules - sometimes it loaded the rules we configured, other times it simply didn't load anything.

You're much better off using an iptables firewall.
 
Originally posted by msibley
PedestersPlanet, may I ask what hosting service you are on? Godaddy?
I'm in England, I use WebFusion(.co.uk)

I have heard a lot about GoDaddy, that isn't very reassuring.

Why you ask?
 
The reason I ask is because this is a new VDS account with Godaddy. I'm just flabbergasted that they set up a server with Plesk in a way that had incompatibilities. Why have the Firewall module installed if it isn't going to work? How much time have I wasted trying to figure out how to use it? Plus we've had numerous other problems (memory allocation, etc.) and they have not been very supportive.
 
Originally posted by msibley
The reason I ask is because this is a new VDS account with Godaddy. I'm just flabbergasted that they set up a server with Plesk in a way that had incompatibilities. Why have the Firewall module installed if it isn't going to work? How much time have I wasted trying to figure out how to use it? Plus we've had numerous other problems (memory allocation, etc.) and they have not been very supportive.
I understand your concerns, I too have problems with mine - events fail to trigger, mysqld crashes or is too slow..... Slow connection...... etc....

The mysqld crashing is a bugger, as Plesk relies on it 100%, so when mysqld goes down, so do the crons (hence I can't use a script to check if mysql crashed, so I can't restart it lol). So my server is stuffed until I manually start mysqld again! :(

It's not just you....

I think the admins aren't that well trained with these things. I had/have to use Google to find solutions myself......
 
Anyone have any ideas on a possible firewall that might work with the same fedora version on Godaddy? I'm thinking of killerwall.net?
 