Block all IP Addresses CSF

Meerkat

Hello,

How can I block all IP addresses, except for those that are on the whitelist?

I'm trying to populate the whitelist using a script, so that only certain people can access the server.

Regards,
Karl
 

cPanelTristan

Quality Assurance Analyst
Staff member
Hello Karl,

For what service(s) are you trying to block all users? Is it just SSH or every single port, including port 80?

Thanks!
 

Lik

The easiest way to block incoming and outgoing connections except for whitelisted IPs is to issue the following:

csf -d 0.0.0.0/0 "block all connections"

Be careful and ensure that your IP is whitelisted.
 

Deker

What is the reverse command of this command?

The easiest way to block incoming and outgoing connections except for whitelisted IPs is to issue the following:

csf -d 0.0.0.0/0 "block all connections"

Be careful and ensure that your IP is whitelisted.
 

cPanelTristan

Hello,

Running a command without knowing what that command does is very dangerous. The command provided by Lik does just what was stated. It blocks every single IP for every single service on the machine. It's a very dangerous command to issue for someone unfamiliar with firewall administration.

You can remove the entry if you go to /etc/csf/csf.deny and remove the line. At that point, restart CSF:

Code:
csf -r

It would be dandy if people would go to the CSF forum to make comments on usage for the product and make suggestions there on commands to run. CSF is a third-party product. We don't control or maintain it.

Thanks all!
 

Lik

Most likely you were looking for the following command:

Code:
csf -dr 0.0.0.0/0

It's true that such commands are very dangerous and should not be applied blindly. The best thing is that CSF is dynamic firewall management software and supports temporary rules. So in this particular case we can also use the following syntax to block all in/out connections for 60 seconds:

Code:
# csf -td 0.0.0.0/0 60 -d inout "block all in/out connections for 60 seconds"
DROP  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
DROP  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
csf: 0.0.0.0/0 blocked on port * for 60 seconds in and outbound
# csf -t

A/D   IP address                               Port   Dir   Time To Live     Comment
DENY  0.0.0.0/0                                  *    inout 54s              block all in/out connections for 60 seconds

# csf -tr 0.0.0.0/0
 

quizknows

There's an easy solution here.

Make sure you csf -a $yourIP first, so you're whitelisted.

Then just remove all inbound allowed TCP ports from the CSF config. Whitelisted IPs bypass closed ports. Restart csf, problem solved.
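
Added example, not part of any post in this thread and not CSF's own tooling: a pre-flight check for the "ensure that your IP is whitelisted" step, which refuses to print the deny-all commands unless the admin IP is a plain entry in the allow file. The function names, the sample file and its addresses are constructed for illustration; the csf commands it prints are the ones quoted in the thread.

```shell
#!/bin/sh
# Pre-flight check before a deny-all rule in CSF (added example).
# Assumption: csf.allow has one entry per line with an optional "# comment".
# Only plain, exact IP entries count as a match; CIDR ranges and advanced
# "tcp|in|d=22|s=..." filters are ignored, so the check fails closed.

# allow_has_ip FILE IP -> 0 if listed, 1 if not, 2 if FILE is unreadable
allow_has_ip() {
    [ -r "$1" ] || return 2
    awk -v ip="$2" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }  # strip comment and whitespace
        $0 == ip { found = 1 }
        END { exit !found }
    ' "$1"
}

# lockdown_plan FILE IP -> print the csf commands in order, or refuse
lockdown_plan() {
    if ! allow_has_ip "$1" "$2"; then
        echo "refusing: $2 is not a plain entry in $1 (csf -a $2 first)" >&2
        return 1
    fi
    # 1. Trial: the 60-second temporary rule from the thread expires by itself.
    echo 'csf -td 0.0.0.0/0 60 -d inout "trial lockdown"'
    # 2. Permanent rule, only after a new session still connects during the trial.
    echo 'csf -d 0.0.0.0/0 "block all connections"'
    # 3. Rollback, as given in the thread.
    echo '# rollback: csf -dr 0.0.0.0/0'
}

# Constructed sample csf.allow (documentation addresses, not real hosts)
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# Added by provisioning script
203.0.113.10 # office
198.51.100.0/24 # vpn range
tcp|in|d=22|s=192.0.2.7
EOF

lockdown_plan "$SAMPLE" 203.0.113.10
lockdown_plan "$SAMPLE" 192.0.2.7 || true   # refused: listed only in a port 22 filter
```

On a real server, point the check at /etc/csf/csf.allow and pass the address your own session connects from.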