SOLVED CSF country block but allow DNS

seenBEST

Member
I've searched everywhere but couldn't find a solution; hopefully someone here knows a way. When using ConfigServer Firewall and configuring via WHM to use CC_DENY to block various countries, is there a way to whitelist a port or service such as DNS, or exclude it from the country block? I've tested and it seems that CC_DENY also blocks a DNS lookup to the server, but in some cases Google, etc. have DNS lookups that originate in one particular country to service other, non-related countries. It would be nice to allow all port 53 traffic through all the time, regardless of whether the country is blocked or not.

Any thoughts on how to accomplish this?
 

cPRex

Jurassic Moderator
Staff member
Hey there! I've provided a direct link to the second post on this page which explains how you can block certain ports by country. You may just want to block 80 and 443 traffic by country, keeping UDP 53 open for DNS traffic:


Let me know if that helps!
 

seenBEST

Member
Thank you. It seems from the information provided that I can simply move my existing CC_DENY list down into CC_DENY_PORTS instead, and then specify ports other than 53, and those countries will still be able to hit DNS but not the ports I specify. I'll give that a try and let you know.
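
The change discussed in this thread, as an added example that is not part of the original posts or of CSF itself: a small Python check that reads csf.conf-style settings and reports which country codes would still be denied on port 53. The sample configs are constructed (country codes `AA`/`BB` are placeholders); `CC_DENY_PORTS_TCP` and `CC_DENY_PORTS_UDP` are the csf.conf options that hold the port lists for `CC_DENY_PORTS`, and accepting `lo:hi` ranges in them is an assumption of this sketch.

```python
import re

# Constructed sample csf.conf fragments: before and after moving the country list.
BEFORE = '''
CC_DENY = "AA,BB"
CC_DENY_PORTS = ""
CC_DENY_PORTS_TCP = ""
CC_DENY_PORTS_UDP = ""
'''
AFTER = '''
CC_DENY = ""
CC_DENY_PORTS = "AA,BB"
CC_DENY_PORTS_TCP = "80,443"
CC_DENY_PORTS_UDP = ""
'''

def parse_conf(text):
    """Return {KEY: value} for KEY = "value" lines; comment lines do not match."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"', line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf

def csv_set(value):
    return {v.strip().upper() for v in value.split(",") if v.strip()}

def port_listed(value, port):
    """True if port appears in a comma list (lo:hi ranges accepted as an assumption)."""
    for item in csv_set(value):
        lo, _, hi = item.partition(":")
        hi = hi or lo
        if lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi):
            return True
    return False

def dns_blocked_countries(text, port=53):
    """Map each country code to the protocols on which `port` is denied for it."""
    conf = parse_conf(text)
    blocked = {cc: {"tcp", "udp"} for cc in csv_set(conf.get("CC_DENY", ""))}
    for proto in ("tcp", "udp"):
        if port_listed(conf.get("CC_DENY_PORTS_" + proto.upper(), ""), port):
            for cc in csv_set(conf.get("CC_DENY_PORTS", "")):
                blocked.setdefault(cc, set()).add(proto)
    return blocked

if __name__ == "__main__":
    print("before:", dns_blocked_countries(BEFORE))
    print("after: ", dns_blocked_countries(AFTER))
```

The check covers TCP 53 as well as UDP 53, since DNS falls back to TCP for large responses and zone transfers.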