Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Block all IP Addresses CSF

Discussion in 'Security' started by Meerkat, Aug 31, 2012.

  1. Meerkat

    Meerkat Member

    Joined:
    Dec 1, 2011
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    Hello,

    How can I block all IP addresses, except for those that are on the whitelist?

    As I'm trying to populate the whitelist using a script, so that only certain people can access the server.

    Regards,
    Karl
     
    #1 Meerkat, Aug 31, 2012
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You might do better to ask this on the CSF forums. CSF is not a cPanel product.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 Infopro, Aug 31, 2012
  3. Meerkat

    Meerkat Member

    Joined:
    Dec 1, 2011
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    I have done, but had no reply as of yet.
     
    #3 Meerkat, Sep 1, 2012
  4. niladam

    niladam Member

    Joined:
    Aug 29, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    51
    Location:
    Romania
    cPanel Access Level:
    Root Administrator
    If i remember correctly, csf already blocks all IPs. If you need to whitelist, there's /etc/csf.* to read. Also, the csf readme does shed some light.
     
    #4 niladam, Sep 3, 2012
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello Karl,

    For what service(s) are you trying to block all users? Is it just SSH or every single port, including port 80?

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 cPanelTristan, Sep 3, 2012
  6. Lik

    Lik Member
    PartnerNOC

    Joined:
    Dec 9, 2008
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    51
    The easiest way to block incoming and outgoing conections except of whitelisted IPs is to issue the following:

    csf -d 0.0.0.0/0 "block all connections"

    Be carefull and ensure that your IP is whitelisted
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 Lik, Sep 3, 2012
  7. Deker

    Deker Well-Known Member

    Joined:
    Feb 15, 2011
    Messages:
    87
    Likes Received:
    3
    Trophy Points:
    58
    What is the reverse command of this command?

     
    #7 Deker, Oct 13, 2012
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello,

    Running a command without knowing what that command does is very dangerous. The command provided by Lik does just what was stated. It blocks every single IP for every single service on the machine. It's a very dangerous command to issue for someone unfamiliar with firewall administration.

    You can remove the entry if you go to /etc/csf/csf.deny and remove the line. At that point, restart CSF:

    Code:
    csf -r
    It would be dandy if people would go to CSF forum to make comments on usage for the product and make suggestions there on commands to run. CSF is a third-party product. We don't control or maintain it.

    Thanks all!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 cPanelTristan, Oct 14, 2012
  9. Lik

    Lik Member
    PartnerNOC

    Joined:
    Dec 9, 2008
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    51
    Most likely you were looking for the following command:

    Code:
    csf -dr 0.0.0.0/0
    It`s true, that such commands are very dangerous and should not be applied blindly. The best thing is that CSF is dynamic firewall management software and supports temporary rules. So in this particular case we can also use the following syntax to block all in/out connections for 60 seconds:

    Code:
    # csf -td 0.0.0.0/0 60 -d inout "block all in/out connections for 60 seconds"
DROP  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
DROP  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
csf: 0.0.0.0/0 blocked on port * for 60 seconds in and outbound
# csf -t

A/D   IP address                               Port   Dir   Time To Live     Comment
DENY  0.0.0.0/0                                  *    inout 54s              block all in/out connections for 60 seconds

# csf -tr 0.0.0.0/0
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #9 Lik, Jan 29, 2014
  10. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    There's an easy solution here.

    make sure you csf -a $yourIP first, so you're whitelisted.

    Then just remove all inbound allowed TCP ports from CSF config. Whitelisted IP's bypass closed ports. Restart csf, Problem solved.
     
    #10 quizknows, Jan 29, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - Block Addresses
  1. Laz

    Block IP addresses that trigger repeated ModSecurity warnings?

    Laz, Jun 18, 2018, in forum: Security
    Replies:
    1
    Views:
    180
    cPanelLauren
    Jun 19, 2018
  2. dabihsss

    Block all outgoing emails and only allow specific addresses?

    dabihsss, Apr 6, 2018, in forum: E-mail Discussion
    Replies:
    5
    Views:
    268
    cPanelLauren
    Apr 9, 2018
  3. Danny D'Ambrosio

    Block email addresses

    Danny D'Ambrosio, Feb 6, 2017, in forum: E-mail Discussion
    Replies:
    2
    Views:
    912
    cPanelMichael
    Feb 6, 2017
  4. Buzz50

    How to block IPv6 IP addresses from website or server

    Buzz50, Sep 20, 2016, in forum: Security
    Replies:
    2
    Views:
    2,584
    cPanelMichael
    Oct 10, 2016
  5. pixelaté

    SOLVED SMTP Restrictions Disabled but Still Blocked

    pixelaté, Aug 14, 2018 at 11:21 PM, in forum: Security
    Replies:
    4
    Views:
    56
    cPanelMichael
    Aug 16, 2018 at 9:50 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice