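This post was last edited by 嘉靖 on 2015-11-28 16:32
Today I had some free time, logged in to DirectAdmin to take a look, and found that the lfd process had been stopped.
Starting and restarting it both do nothing.
Reinstalling pops up: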
An error has occurred
Details
/sbin/service lfd reload 2>&1
In DirectAdmin, ConfigServer Firewall&Security shows the firewall status as: enabled but stopped
Clicking start,
the final error is Error: The VPS iptables rule limit (numiptent) is too low (503/512) - stopping firewall to prevent iptables blocking all connections, at line 922
---------------------------Below is the full output report----------------------------------
Starting csf...
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `POSTROUTING'
Flushing chain `OUTPUT'
csf: FASTSTART loading DROP no logging (IPv4)
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *TCP_OUT Blocked* '
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DENYOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
DENYIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
ALLOWOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
ALLOWIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
csf: FASTSTART loading Packet Filter (IPv4)
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
INVALID tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
INVALID tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
csf: FASTSTART loading csf.deny (IPv4)
csf: FASTSTART loading csf.allow (IPv4)
ACCEPT all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
csf: FASTSTART loading TCP_IN (IPv4)
csf: FASTSTART loading TCP_OUT (IPv4)
csf: FASTSTART loading UDP_IN (IPv4)
csf: FASTSTART loading UDP_OUT (IPv4)
ACCEPT icmp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
ACCEPT icmp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 icmp type 0
ACCEPT icmp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 icmp type 8
ACCEPT icmp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 icmp type 0 limit: avg 1/sec burst 5
ACCEPT icmp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 icmp type 11
ACCEPT icmp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 icmp type 3
ACCEPT icmp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 icmp type 11
ACCEPT icmp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 icmp type 3
ACCEPT all opt -- in lo out * 0.0.0.0/0 -> 0.0.0.0/0
ACCEPT all opt -- in * out lo 0.0.0.0/0 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
LOGDROPIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
csf: FASTSTART loading DNS (IPv4)
LOCALOUTPUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
Error: The VPS iptables rule limit (numiptent) is too low (503/512) - stopping firewall to prevent iptables blocking all connections, at line 922
...Done.
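---------------------------Above is the full output report----------------------------------
The VPS iptables rule limit (numiptent) is too low (503/512) - stopping the firewall to prevent iptables from blocking all connections, at line 922
How do I change this?
SSH works.
The website works completely normally.
---------------------iptables -L -n output---------------------------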
[root@mars ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
---------------------iptables -L -n output---------------------------
-----------------csf -crs output----------------------
[root@mars ~]# csf -crs
You have an unresolved error when starting csf:
Error: The VPS iptables rule limit (numiptent) is too low (503/512) - stopping firewall to prevent iptables blocking all connections, at line 922 in /usr/sbin/csf
You need to restart csf successfully to remove this warning, or delete /etc/csf/csf.error
-----------------csf -crs output----------------------
-------------------------------line 922 in /usr/sbin/csf ------------------------
-------------------------------line 922 in /usr/sbin/csf ------------------------
-------------------/etc/csf/csf.error-----------------
Error: The VPS iptables rule limit (numiptent) is too low (503/512) - stopping firewall to prevent iptables blocking all connections, at line 922 in /usr/sbin/csf
-------------------/etc/csf/csf.error-----------------
The machine has been rebooted many times, with no effect either.