The Community Forums

Interact with an entire community of cPanel & WHM users!
Block all IP Addresses CSF

Discussion in 'Security' started by Meerkat, Aug 31, 2012.

  1. Meerkat

    Meerkat Member

    Hello,

    How can I block all IP addresses, except for those that are on the whitelist?

    I'm trying to populate the whitelist using a script, so that only certain people can access the server.

    Regards,
    Karl
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    You might do better to ask this on the CSF forums. CSF is not a cPanel product.
     
  3. Meerkat

    Meerkat Member

    I have done, but had no reply as of yet.
     
  4. niladam

    niladam Member

    If I remember correctly, csf already blocks all IPs. If you need to whitelist, there's /etc/csf.* to read. Also, the csf readme does shed some light.
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Hello Karl,

    For what service(s) are you trying to block all users? Is it just SSH or every single port, including port 80?

    Thanks!
     
  6. Lik

    Lik Member
    PartnerNOC

    The easiest way to block incoming and outgoing connections except for whitelisted IPs is to issue the following:

    csf -d 0.0.0.0/0 "block all connections"

    Be careful and ensure that your IP is whitelisted.
     
  7. Deker

    Deker Well-Known Member

    What is the reverse command of this command?

     
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Hello,

    Running a command without knowing what that command does is very dangerous. The command provided by Lik does just what was stated. It blocks every single IP for every single service on the machine. It's a very dangerous command to issue for someone unfamiliar with firewall administration.

    You can remove the entry if you go to /etc/csf/csf.deny and remove the line. At that point, restart CSF:

    Code:
    csf -r
    It would be dandy if people would go to the CSF forum to make comments on usage for the product and make suggestions there on commands to run. CSF is a third-party product. We don't control or maintain it.

    Thanks all!
     
  9. Lik

    Lik Member
    PartnerNOC

    Most likely you were looking for the following command:

    Code:
    csf -dr 0.0.0.0/0
    It's true that such commands are very dangerous and should not be applied blindly. The best thing is that CSF is dynamic firewall management software and supports temporary rules. So in this particular case we can also use the following syntax to block all in/out connections for 60 seconds:

    Code:
    # csf -td 0.0.0.0/0 60 -d inout "block all in/out connections for 60 seconds"
    DROP  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
    DROP  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
    csf: 0.0.0.0/0 blocked on port * for 60 seconds in and outbound
    # csf -t
    
    A/D   IP address                               Port   Dir   Time To Live     Comment
    DENY  0.0.0.0/0                                  *    inout 54s              block all in/out connections for 60 seconds
    
    # csf -tr 0.0.0.0/0
     
  10. quizknows

    quizknows Well-Known Member

    There's an easy solution here.

    Make sure you csf -a $yourIP first, so you're whitelisted.

    Then just remove all inbound allowed TCP ports from CSF config. Whitelisted IPs bypass closed ports. Restart csf, problem solved.
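
A pre-flight check for the lockout risk raised throughout the thread, written as an added example (not from any poster and not part of CSF): before closing `TCP_IN` or adding a blanket deny, confirm the admin IP is covered by a plain IP or CIDR line in the allow file. The function names and sample files are hypothetical; the files only imitate the `csf.allow` and `csf.conf` layout, and the script assumes that advanced filter lines (`proto|dir|port|ip`) do not count as a full whitelist entry.

```shell
#!/bin/sh
# Pre-flight check for whitelist-only CSF: is the admin IP fully whitelisted?
# Runs on constructed sample files, not the live /etc/csf/ directory.

ip_to_int() {                      # dotted quad -> integer
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Succeeds if IPv4 address $1 matches a plain IP or CIDR line in file $2.
# Assumption: advanced filters, Include lines and IPv6 entries are skipped,
# so only unconditional IPv4 entries count as a whitelist hit.
ip_in_allow() {
    want=$(ip_to_int "$1")
    while IFS= read -r line; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')   # drop comment, spaces
        case $entry in ''|*[!0-9./]*) continue ;; esac
        bits=32
        case $entry in */*) bits=${entry#*/} ;; esac
        div=$(( 1 << (32 - $bits) ))          # size of the CIDR block
        net=$(ip_to_int "${entry%/*}")
        [ $(( $want / $div )) -eq $(( $net / $div )) ] && return 0
    done < "$2"
    return 1
}

# Print the inbound TCP port list from a csf.conf-style file.
tcp_in_ports() {
    sed -n 's/^TCP_IN *= *"\(.*\)".*/\1/p' "$1"
}

# Constructed sample data (documentation address ranges only).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/csf.allow" <<'EOF'
# constructed sample
203.0.113.7 # office
198.51.100.0/24 # VPN range
tcp|in|d=22|s=192.0.2.50
EOF
printf 'TCP_IN = "22,80,443"\n' > "$SAMPLE_DIR/csf.conf"

for ip in 203.0.113.7 198.51.100.9 192.0.2.50; do
    if ip_in_allow "$ip" "$SAMPLE_DIR/csf.allow"; then
        echo "$ip: whitelisted; closing TCP_IN ($(tcp_in_ports "$SAMPLE_DIR/csf.conf")) keeps access"
    else
        echo "$ip: NOT fully whitelisted; closing TCP_IN would lock it out"
    fi
done
```

On a real server, point the two functions at `/etc/csf/csf.allow` and `/etc/csf/csf.conf` and run the check from the session you intend to keep open, before `csf -r`.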
     