CSF error some missing iptables modules [4] ipt_REDIRECT…FAILED, ipt_owner, ipt_recent, iptables_nat
I have installed CSF on the server. When I run the csf Perl test, it gives the following error.
# perl /etc/csf/csftest.pl
Testing ip_tables/iptable_filter…OK
Testing ipt_LOG…OK
Testing ipt_multiport/xt_multiport…OK
Testing ipt_REJECT…OK
Testing ipt_state/xt_state…OK
Testing ipt_limit/xt_limit…OK
Testing ipt_recent…FAILED [Error: iptables: Unknown error 4294967295] – Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit…FAILED [Error: iptables: Unknown error 4294967295] – Required for CONNLIMIT feature
Testing ipt_owner/xt_owner…FAILED [Error: iptables: Unknown error 4294967295] – Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT…FAILED [Error: iptables: Unknown error 4294967295] – Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT…OK
RESULT: csf will function on this server but some features will not work due to some missing iptables modules [4]
Solution:
csf needs the following iptables modules for its main functionality:
ip_tables
ipt_state
ipt_multiport
iptable_filter
ipt_limit
ipt_LOG
ipt_REJECT
ipt_conntrack
ip_conntrack
ip_conntrack_ftp
iptable_mangle
The following modules are used for the other functionality of csf:
ipt_owner
ipt_recent
iptable_nat
ipt_REDIRECT
You can check whether each of the above modules is loaded on the server:
# lsmod | grep -i module_name
If a module is not loaded, you can load it with:
# modprobe ipt_conntrack
You can then test whether this has fixed the environment by running:
perl /etc/csf/csftest.pl
This will fix the issue.
On a VPS platform such as OpenVZ or Parallels Virtuozzo, this sometimes does not fix the issue. In that case, follow the steps below to fix the issue in the VPS container.
1. /sbin/iptables -F
2. Edit /etc/sysconfig/iptables-config
vi /etc/sysconfig/iptables-config
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ip_conntrack_ftp ipt_conntrack ip_tables ip_conntrack_netbios_ns"
3. Edit /etc/sysconfig/vz
vi /etc/sysconfig/vz
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ip_conntrack_ftp ipt_conntrack ip_tables ip_conntrack_netbios_ns"
4. Execute the following commands in the console:
service vz stop
service iptables restart
service vz start
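Added example (not part of the original post): a shell check that compares the two csf module lists above against the loaded modules (the lsmod step) and against the IPTABLES_MODULES value from steps 2 and 3, matching whole module names instead of substrings. The function and variable names are assumptions made for illustration, and the ipt_/xt_ alias handling covers only the name pairs that appear in the csftest.pl output above.

```shell
#!/bin/sh
# Added example, not from the original post.
# Module lists as given on the page.
CSF_CORE="ip_tables ipt_state ipt_multiport iptable_filter ipt_limit ipt_LOG ipt_REJECT ipt_conntrack ip_conntrack ip_conntrack_ftp iptable_mangle"
CSF_EXTRA="ipt_owner ipt_recent iptable_nat ipt_REDIRECT"
# IPTABLES_MODULES value from steps 2 and 3 on the page.
PAGE_IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ip_conntrack_ftp ipt_conntrack ip_tables ip_conntrack_netbios_ns"

# Alternate module name, limited to the ipt_*/xt_* pairs csftest.pl prints above.
alt_name() {
    case "$1" in
        ipt_state|ipt_multiport|ipt_limit|ipt_owner) echo "xt_${1#ipt_}" ;;
        *) echo "$1" ;;
    esac
}

# missing_modules "<wanted>" "<available>": print wanted names absent from
# the available list. Names are compared whole and case-sensitively, so
# ip_conntrack_ftp does not count as ip_conntrack (grep -i would match it).
missing_modules() {
    out=""
    for want in $1; do
        alt=$(alt_name "$want")
        found=no
        for have in $2; do
            if [ "$have" = "$want" ] || [ "$have" = "$alt" ]; then
                found=yes
                break
            fi
        done
        [ "$found" = yes ] || out="${out:+$out }$want"
    done
    echo "$out"
}

# Loaded modules: first column of lsmod without its header line.
# Features built into the kernel do not appear in lsmod.
loaded_modules() {
    lsmod 2>/dev/null | awk 'NR > 1 { print $1 }' | tr '\n' ' '
}

echo "IPTABLES_MODULES lacks (core):  $(missing_modules "$CSF_CORE" "$PAGE_IPTABLES_MODULES")"
echo "IPTABLES_MODULES lacks (other): $(missing_modules "$CSF_EXTRA" "$PAGE_IPTABLES_MODULES")"
if command -v lsmod >/dev/null 2>&1; then
    live=$(loaded_modules)
    echo "not loaded (core):  $(missing_modules "$CSF_CORE" "$live")"
    echo "not loaded (other): $(missing_modules "$CSF_EXTRA" "$live")"
fi
```

For the IPTABLES_MODULES value shown on this page, the check reports ipt_owner, ipt_recent and ipt_REDIRECT as absent, which are among the modules named in the failed tests.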