Block all IP Addresses CSF

[Meerkat]

Hello,

How can I block all IP addresses, except for those that are on the whitelist?

As I'm trying to populate the whitelist using a script, so that only certain people can access the server.

Regards,
Karl

 

[Infopro]

You might do better to ask this on the CSF forums. CSF is not a cPanel product.

 

[Meerkat]

You might do better to ask this on the CSF forums. CSF is not a cPanel product.

I have done, but had no reply as of yet.

 

[niladam]

If i remember correctly, csf already blocks all IPs. If you need to whitelist, there's /etc/csf.* to read. Also, the csf readme does shed some light.

 

[cPanelTristan]

Hello Karl,

For what service(s) are you trying to block all users? Is it just SSH or every single port, including port 80?

Thanks!

 

[Lik]

The easiest way to block incoming and outgoing conections except of whitelisted IPs is to issue the following:

csf -d 0.0.0.0/0 "block all connections"

Be carefull and ensure that your IP is whitelisted

 

[Deker]

What is the reverse command of this command?

The easiest way to block incoming and outgoing conections except of whitelisted IPs is to issue the following:

csf -d 0.0.0.0/0 "block all connections"

Be carefull and ensure that your IP is whitelisted

 

[cPanelTristan]

Hello,

Running a command without knowing what that command does is very dangerous. The command provided by Lik does just what was stated. It blocks every single IP for every single service on the machine. It's a very dangerous command to issue for someone unfamiliar with firewall administration.

You can remove the entry if you go to /etc/csf/csf.deny and remove the line. At that point, restart CSF:

csf -r

It would be dandy if people would go to CSF forum to make comments on usage for the product and make suggestions there on commands to run. CSF is a third-party product. We don't control or maintain it.

Thanks all!

 

[Lik]

Most likely you were looking for the following command:

csf -dr 0.0.0.0/0

It`s true, that such commands are very dangerous and should not be applied blindly. The best thing is that CSF is dynamic firewall management software and supports temporary rules. So in this particular case we can also use the following syntax to block all in/out connections for 60 seconds:

# csf -td 0.0.0.0/0 60 -d inout "block all in/out connections for 60 seconds"
DROP  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
DROP  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
csf: 0.0.0.0/0 blocked on port * for 60 seconds in and outbound
# csf -t

A/D   IP address                               Port   Dir   Time To Live     Comment
DENY  0.0.0.0/0                                  *    inout 54s              block all in/out connections for 60 seconds

# csf -tr 0.0.0.0/0

 

[quizknows]

There's an easy solution here.

make sure you csf -a $yourIP first, so you're whitelisted.

Then just remove all inbound allowed TCP ports from CSF config. Whitelisted IP's bypass closed ports. Restart csf, Problem solved.