Unable to check csf due to xtables lock. Please fix it!
That was a recent request we got from one of our customers as part of our Server Management Services.
ConfigServer Security Firewall often shows up such generic errors when restarting the service on the server.
The best way to solve this error is to enable LF_IPSET in the configuration file.
Today, let’s get into the details on how our Support Engineers fix this error for our customers.
What is this error unable to check CSF due to xtables lock?
Normally this error occurs when trying to restart the CSF firewall. CSF is a firewall configuration script created to provide better security for the server.
Recently one of our customers contacted us with this xtables lock error. He tried to restart the CSF firewall and got the error as:
Aug 15 05:07:28 lfd[1238]: *Error*: Unable to check csf due to xtables lock, enable WAITLOCK in csf.conf
How we fix the error unable to check CSF due to xtables lock?
Till now we discussed this error in detail. Now let’s see how our Support Engineers fix this error for our customers.
To resolve this error we enabled the LF_IPSET in the csf.conf file.
Ipset utility is used to set up, maintain and inspect so-called IP sets in the Linux kernel. These IP sets are stored in a fast and efficient manner that allows for quick access and search. Thus it can avoid the problem of server slow down due to a large list of firewall rules.
So we followed the below steps to enable the LF_IPSET in the csf.conf file.
1. Firstly, we logged into the server WHM.
2. Then we navigate to Home >> Plugins option.
3. Next we click on >> “ConfigServer Security & Firewall”
4. Then a new window opened and >> click on the button “Firewall configuration”
5. Next page, we got an option ‘LF_IPSET’ and change its status from ‘Off’ to ‘On’.
6. At last, we restarted the CSF firewall.
service csf restart
Also, we can make the changes in configuration via the command line.
Using the command line.
- Firstly, we log into the server via SSH.
- Then we open the csf configuration file using an editor >> vi /etc/csf/csf.conf
- Next, we search for “LF_IPSET” and changed the value from “0” to “1”
- After that, we restart csf service >> csf -r
This fixed the error for our customer and CSF started successfully.
[Need more assistance on the error unable to check csf due to xtables lock? We’ll help you.]
Conclusion
In short, the fix for Unable to check csf due to xtables lock error involves enabling the LF_IPSET in the csf.conf file. Today, we saw how our Support Engineers fixed this error for our customers.
0 Comments