Ports are being auto-blocked

dougwolf
Posts: 3
Joined: 2019/06/27 13:40:54

Post by dougwolf » 2019/06/27 13:45:07

I have a customer who is polling my system (it is an API) and when he polls frequently, the system blocks ports 80 and 443. I nmap from another internal server and I see only port 22 is open. Rebooting always re-opens them.

Now, I know polling is bad and I am working with the customer to change that, but what process in the system causes this? I like to know what the causes of system problems are.

This is an important customer so I don't have much time when it goes down to check things, but is there something I can check while the system is down that would enlighten me? Is there something specific in dmesg that would be informative?

Thanks!

TrevorH
Site Admin
Posts: 33218
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Ports are being auto-blocked

Post by TrevorH » 2019/06/27 15:54:19

There is nothing in CentOS that will automatically block firewall ports. You would need to have added external programs to do that. Usually the package used for doing this is called fail2ban but there are others too - for example you can also code iptables rules to count connections and limit them to a certain number in a period of time.

However, fail2ban and iptables would only block the offending IP address and from your "I nmap from another internal server and I see only port 22 is open" comment, this sounds more like your customer has crashed the httpd service. Check if it's still running and if anything is listening on ports 80/443 at the time using ss -antupl | grep -E ":80|:443" and if not, go mine your httpd logs and system logs to see why it crashed.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
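
The listener check suggested in the reply above, as an added example that is not part of the thread or written by either poster: it reads `ss -ltn` output and reports, per port, whether a local listener exists, which separates a crashed service from a packet filter. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: is a "closed" web port a dead service or a packet filter?
# Feed it the output of `ss -ltn`; it reports per port whether anything is
# listening locally. Matching is on the exact local port, so a listener on
# :8080 or a peer port such as :44380 is not mistaken for :80.

# listening_ports: print local TCP ports in LISTEN state, one per line.
listening_ports() {
    awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# diagnose PORT...: read ss output on stdin, print "<port> <verdict>".
#   no-listener -> the service is down: check `systemctl status httpd`
#                  and the httpd/system logs, as the reply suggests.
#   listening   -> the service is up: if remote scans still fail, look at
#                  packet filtering (`iptables -L -n -v`, fail2ban).
diagnose() {
    ports=$(listening_ports)
    for want in "$@"; do
        if printf '%s\n' "$ports" | grep -qx "$want"; then
            echo "$want listening"
        else
            echo "$want no-listener"
        fi
    done
}

# Constructed sample: httpd has died, only sshd and a local :8080 remain.
sample_down() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      128        127.0.0.1:8080       0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
EOF
}

# Constructed sample: httpd is up on 80 and 443.
sample_up() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128                *:80               *:*
LISTEN 0      128             [::]:443           [::]:*
ESTAB  0      0           10.0.0.5:22        10.0.0.9:44380
EOF
}

# Live use on the affected host:  ss -ltn | diagnose 80 443
```

Run as root with `ss -ltnp` instead if you also want the owning process on each line; the parsing above ignores the extra column.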
