Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Block all IP Addresses CSF

Discussion in 'Security' started by Meerkat, Aug 31, 2012.

  1. Meerkat

    Meerkat Member

    Joined:
    Dec 1, 2011
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    Hello,

    How can I block all IP addresses, except for those that are on the whitelist?

    As I'm trying to populate the whitelist using a script, so that only certain people can access the server.

    Regards,
    Karl
     
    #1 Meerkat, Aug 31, 2012
  2. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,764
    Likes Received:
    457
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You might do better to ask this on the CSF forums. CSF is not a cPanel product.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 Infopro, Aug 31, 2012
  3. Meerkat

    Meerkat Member

    Joined:
    Dec 1, 2011
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    I have done, but had no reply as of yet.
     
    #3 Meerkat, Sep 1, 2012
  4. niladam

    niladam Member

    Joined:
    Aug 29, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    51
    Location:
    Romania
    cPanel Access Level:
    Root Administrator
    If i remember correctly, csf already blocks all IPs. If you need to whitelist, there's /etc/csf.* to read. Also, the csf readme does shed some light.
     
    #4 niladam, Sep 3, 2012
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    33
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello Karl,

    For what service(s) are you trying to block all users? Is it just SSH or every single port, including port 80?

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 cPanelTristan, Sep 3, 2012
  6. Lik

    Lik Member PartnerNOC

    Joined:
    Dec 9, 2008
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    51
    The easiest way to block incoming and outgoing conections except of whitelisted IPs is to issue the following:

    csf -d 0.0.0.0/0 "block all connections"

    Be carefull and ensure that your IP is whitelisted
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 Lik, Sep 3, 2012
  7. Deker

    Deker Well-Known Member

    Joined:
    Feb 15, 2011
    Messages:
    99
    Likes Received:
    4
    Trophy Points:
    58
    cPanel Access Level:
    Root Administrator
    What is the reverse command of this command?

     
    #7 Deker, Oct 13, 2012
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    33
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello,

    Running a command without knowing what that command does is very dangerous. The command provided by Lik does just what was stated. It blocks every single IP for every single service on the machine. It's a very dangerous command to issue for someone unfamiliar with firewall administration.

    You can remove the entry if you go to /etc/csf/csf.deny and remove the line. At that point, restart CSF:

    Code:
    csf -r
    It would be dandy if people would go to CSF forum to make comments on usage for the product and make suggestions there on commands to run. CSF is a third-party product. We don't control or maintain it.

    Thanks all!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 cPanelTristan, Oct 14, 2012
  9. Lik

    Lik Member PartnerNOC

    Joined:
    Dec 9, 2008
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    51
    Most likely you were looking for the following command:

    Code:
    csf -dr 0.0.0.0/0
    It`s true, that such commands are very dangerous and should not be applied blindly. The best thing is that CSF is dynamic firewall management software and supports temporary rules. So in this particular case we can also use the following syntax to block all in/out connections for 60 seconds:

    Code:
    # csf -td 0.0.0.0/0 60 -d inout "block all in/out connections for 60 seconds"
DROP  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
DROP  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
csf: 0.0.0.0/0 blocked on port * for 60 seconds in and outbound
# csf -t

A/D   IP address                               Port   Dir   Time To Live     Comment
DENY  0.0.0.0/0                                  *    inout 54s              block all in/out connections for 60 seconds

# csf -tr 0.0.0.0/0
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #9 Lik, Jan 29, 2014
  10. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,008
    Likes Received:
    86
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    There's an easy solution here.

    make sure you csf -a $yourIP first, so you're whitelisted.

    Then just remove all inbound allowed TCP ports from CSF config. Whitelisted IP's bypass closed ports. Restart csf, Problem solved.
     
    #10 quizknows, Jan 29, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - Block Addresses
  1. CharlesGLondon

    New Thread Block spam email addresses in WHM?

    CharlesGLondon, Mar 22, 2019 at 8:13 AM, in forum: E-mail Discussion
    Replies:
    1
    Views:
    57
    keat63
    Mar 22, 2019 at 9:15 AM
  2. jtgroup

    Block e-mail addresses from e-mailing any user on server

    jtgroup, Mar 4, 2019, in forum: E-mail Discussion
    Replies:
    5
    Views:
    235
    cPanelMichael
    Mar 4, 2019
  3. Laz

    Block IP addresses that trigger repeated ModSecurity warnings?

    Laz, Jun 18, 2018, in forum: Security
    Replies:
    1
    Views:
    1,400
    cPanelLauren
    Jun 19, 2018
  4. dabihsss

    Block all outgoing emails and only allow specific addresses?

    dabihsss, Apr 6, 2018, in forum: E-mail Discussion
    Replies:
    5
    Views:
    808
    cPanelLauren
    Apr 9, 2018
  5. Dan70

    cpHulk & Firewall not blocking IP

    Dan70, Mar 20, 2019 at 2:07 PM, in forum: Security
    Replies:
    10
    Views:
    87
    Dan70
    Mar 20, 2019 at 3:35 PM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice