Continued issue with IPTables Service Stopping/Failing since 1.4.12

Hi all,

I’m wondering if others are experiencing the same issue with the iptables service stopping/failing. I can’t remember exactly when this issue started, but I think it was around the version 1.4.12 or 1.4.11 update. Ever since then, I have been having issues with the iptables service stopping. I’m not even sure why it happens.

I only notice it happens because I have a weekly error log email report sent by my server which includes the tail end of /var/log/hestia/error.log.

I will see something like this in the error report:

2021-09-19 00:22:52 v-add-firewall-ipset ‘blacklist-malicious-ips’ ‘’ ‘’ ‘’ ‘yes’ [Error 2]
2021-09-19 00:22:52 v-add-firewall-ipset ‘blacklist-ukraine’ ‘’ ‘’ ‘’ ‘yes’ [Error 4]
2021-09-19 00:22:52 v-add-firewall-ipset ‘blacklist-romania’ ‘’ ‘’ ‘’ ‘yes’ [Error 4]
2021-09-19 00:22:52 v-add-firewall-ipset ‘blacklist-russia’ ‘’ ‘’ ‘’ ‘yes’ [Error 4]
2021-09-19 00:22:52 v-add-firewall-ipset ‘blacklist-china’ ‘’ ‘’ ‘’ ‘yes’ [Error 4]

And then if I log into the server and check the settings page, I will see that iptables is not running.

This is a huge security issue, and I would like to know if anyone knows why this is happening. The server rebooted just fine and indicates iptables is running. I don’t touch the server for weeks and suddenly iptables is no longer running. This was not an issue previously and is something that has come up in the past few months.

No known issues here. What happens when you disable the block lists? How much RAM have you got? What’s your OS?

Error 4 means E_EXIST, so it already exists.

Have not seen the issue yet…

I see. I haven’t tested leaving the block lists disabled. I could do that if it will help troubleshoot this issue. The issue appears to be random, as I’m not sure when it happens. I only notice it when I see these errors in the log report whenever I get the weekly email report.

I have 2GB of RAM with 2GB of swap, running Ubuntu 20.04. Load average on the server is usually around 0.08 - 0.18. It only runs 3 WordPress sites which get very low traffic.

What do you suggest I should do? Just disable the block lists and give it another week or two to see if the issue returns, and report back here?

The issue continues to be present. I notice the issue every weekend when my weekly log report runs. I then restart the iptables service and it appears to work for a while. I’m not sure what is causing it to fail.

I checked it this Sunday and it was stopped/failed. I restarted it and it started fine. I just checked it today (Wednesday) and it has failed again. I decided to just delete all the block lists (Russia, China, the usual suspects) and have restarted iptables again.

I will check back in a few days to see if the service is running or not.

Is there a known issue with the block lists? Or perhaps there is an issue with one of the latest updates and if block lists were already existing, it’s causing an issue. Why is the suggestion to test removing the block list to see if the issue resolves?

Please note that iptables is not a service; you can’t start / stop it like

Hestia “checks” if iptables is “active” by checking whether a line is present when you run iptables -S:

if iptables -S INPUT | grep -qx -- '-P INPUT DROP'; then
    # INPUT chain default policy is DROP: Hestia reports iptables as "active"
    echo "active"
fi

And nothing more…

I have been using ipset without any issue for over a year, so I don’t know why it is going wrong…

Reinstall iptables, ipset and iptables-persistent.
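To make the two points above concrete, here is an added example (not Hestia’s own code) that reproduces the check quoted above on a saved `iptables -S INPUT` dump, decodes the `[Error N]` codes from the error-log lines posted earlier (Hestia’s exit-code table gives 2 = E_INVALID and 4 = E_EXIST, so the “Error 4” lines only say the set already exists), and reports which expected ipset names are absent from an `ipset list -n` listing. The sample log is the one quoted in the thread; the ruleset and ipset listings are constructed, and the `live_check` wrapper assumes iptables is installed and run as root.

```bash
#!/usr/bin/env bash
# Added example, not Hestia's code: triage "iptables stopped" reports.

# The check Hestia uses, as quoted in the thread: the INPUT chain's default
# policy must be DROP in the output of `iptables -S INPUT`. The dump is
# passed in as text so the function also works on a saved copy.
input_policy_is_drop() {
    printf '%s\n' "$1" | grep -qx -- '-P INPUT DROP'
}

# Live wrapper (assumption: iptables installed, running as root).
live_check() {
    input_policy_is_drop "$(iptables -S INPUT 2>/dev/null)"
}

# Hestia exit codes seen in the thread (from Hestia's error-code table).
error_name() {
    case "$1" in
        1) echo E_ARGS ;;
        2) echo E_INVALID ;;
        3) echo E_NOTEXIST ;;
        4) echo E_EXIST ;;
        *) echo "E_UNKNOWN($1)" ;;
    esac
}

# Parse one error.log line of the form
#   2021-09-19 00:22:52 v-add-firewall-ipset ‘name’ ‘’ ‘’ ‘’ ‘yes’ [Error N]
# and print "<ipset name> <code> <code name>".
triage_line() {
    local line name code
    # normalise typographic quotes (‘ ’) to plain apostrophes before parsing
    line=$(printf '%s' "$1" | sed "s/‘/'/g; s/’/'/g")
    name=$(printf '%s' "$line" | sed -n "s/.*v-add-firewall-ipset '\([^']*\)'.*/\1/p")
    code=$(printf '%s' "$line" | sed -n 's/.*\[Error \([0-9][0-9]*\)\].*/\1/p')
    [ -n "$name" ] && [ -n "$code" ] || return 1
    printf '%s %s %s\n' "$name" "$code" "$(error_name "$code")"
}

# Count benign "already exists" lines separately from everything else.
summarize_log() {
    local exists=0 other=0 line result code
    while IFS= read -r line; do
        result=$(triage_line "$line") || continue
        code=${result#* }; code=${code%% *}
        if [ "$code" = 4 ]; then exists=$((exists + 1)); else other=$((other + 1)); fi
    done <<EOF
$1
EOF
    printf 'already_exists=%d needs_attention=%d\n' "$exists" "$other"
}

# Print each expected ipset name missing from an `ipset list -n` listing.
missing_ipsets() {
    local expected="$1" present="$2" name
    for name in $expected; do
        printf '%s\n' "$present" | grep -qx -- "$name" || printf '%s\n' "$name"
    done
}

# Constructed sample: the error.log lines quoted in the thread.
SAMPLE_LOG="2021-09-19 00:22:52 v-add-firewall-ipset ‘blacklist-malicious-ips’ ‘’ ‘’ ‘’ ‘yes’ [Error 2]
2021-09-19 00:22:52 v-add-firewall-ipset ‘blacklist-ukraine’ ‘’ ‘’ ‘’ ‘yes’ [Error 4]
2021-09-19 00:22:52 v-add-firewall-ipset ‘blacklist-romania’ ‘’ ‘’ ‘’ ‘yes’ [Error 4]
2021-09-19 00:22:52 v-add-firewall-ipset ‘blacklist-russia’ ‘’ ‘’ ‘’ ‘yes’ [Error 4]
2021-09-19 00:22:52 v-add-firewall-ipset ‘blacklist-china’ ‘’ ‘’ ‘’ ‘yes’ [Error 4]"

# Stand-alone demo on the constructed sample (no root or iptables needed).
summarize_log "$SAMPLE_LOG"
```

On a box that shows these errors, run `summarize_log` over the real tail of /var/log/hestia/error.log and `live_check` separately: only the second tells you whether the INPUT policy actually lapsed, since E_EXIST lines are just the weekly re-add hitting sets that are already there.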

Well it’s been 2 days since I deleted the block lists and restarted iptables. So far, iptables is still running. I will check again after a full week. So perhaps it’s an issue with the block lists.

So it’s been more than a week now and iptables has been running without any issue. So it seems it’s an issue / bug with the blacklist/ban lists.

Should I try to add these block lists again to see if the issue is resolved? Is it possible it was an issue resulting from upgrading Hestia while these block lists were already added? Perhaps it created some conflict?

There have been no other reports about this being an issue?

You can try to re-add the blocks, but we can’t answer the other questions just because we don’t know; we haven’t had any systems with a similar issue. You would need to do the further debugging on your own.

I have had this issue in the past, which was relatively much earlier, like 4 - 5 years ago. At that time, I used VestaCP and it had nothing to do with iptables. Then, and now, I used CSF.

Then I believed that CSF had some bugs. They regularly update it and maybe a nasty one entered. The worst was, it created a file csf.error and thereafter did not restart any more. The admin was not informed by an email. That is how it is even today.

Finally, I found either the tables or the iptables binary was corrupted. I identified a pattern after a few days. The solution was to reinstall iptables. The error immediately disappeared.

Therefore, I suggested that you reinstall. This issue HAS NOTHING TO DO WITH HESTIA!

Thanks @Raphael and @Deepak

As it seems the issue has resolved itself, since removing the block lists, I have added them back now. I will see if it continues to work. If the issue returns, I will give Deepak’s suggestion a try. But given that I removed the block lists and iptables has not stopped since, I’m thinking it has something to do with those block lists.

Providing an update for anyone else that comes across this thread. This issue has been resolved. I assume it had to do with some cache or issue caused by upgrading Hestia while having these rules applied. The only thing I did was remove the IP block lists and then reapply them.

So, if you find this thread and are having an issue with iptables appearing not to be running and you are using the IP block lists: try removing them, then re-adding them and restarting iptables or your server. This fixed the issue for me.


Another update on this issue. It appears to continue to be an issue. iptables randomly appears to be disabled. Today I just decided to remove all the IP block lists added by Hestia. I will operate without these enabled to see if this fixes the issue (i.e. no more iptables being randomly disabled/turned off).

I have disabled the IP block lists and rebooted the server. iptables appears to be running and started as expected. I will leave the server untouched for a few weeks and then check again to see if iptables is still running.

Hopefully this will confirm it’s a bug or something that has to do with the IP block lists in Hestia and how it applies them. I am getting errors in the Hestia log files related to these block lists, so I assume it’s related; however, it seems nobody else is seeing this issue. So strange… maybe nobody is using the Russian and Chinese block lists?

I only “allow” NL IPs to the ssh / Hestia port and nothing more… Haven’t seen any issues with it before…

It’s been a week now. I just logged in and iptables is still running with no issue.

I will report back in another week, but it definitely appears to be an issue when I use Hestia’s blacklists in the managed IP lists feature. Now that I have removed all of these and do not enable them, iptables appears to be stable and does not turn off by itself.

1.5.0 contains a few bugs regarding ipset; they will be addressed in the next release…

Thanks for the update @eris. I haven’t logged into the HestiaCP forum for a while. I had to come back here today, because the 1.5.5 release broke things for updating. Thanks for your other post, it made it easy to resolve the issue and get to 1.5.7.

Regarding the above issue and iptables failing when I was using block lists: does your last post here imply that it was in fact an issue and has now been resolved? I’m asking because I would like to re-enable the country block lists if the issue has now been resolved and iptables won’t fail after I do it.