Hello,
In the hosting industry the traceroute tool is a very common tool using for servers simple network status. If we install CSF in any server, the traceroute fails. So admins will think there will be some problems. As from a security view it is good to block such packets. Even though it will be good to enable the UDP_IN port rang 33434:33523 as open in default CSF configuration.
Open csf configuration file and search for UDP_IN
Quote# To allow incoming traceroute add 33434:33523 to this
UDP_IN = "20,21,53,953,33434:33523"
After that restart the csf firewall on server.
Quote# csf -r
Traceroute will work fine now :)