In CSF,
Questions:
1. What gets processed first - permit lists or block lists?
2. What about permitted ports defined in the "General Configuration -> IPv4 Port Settings" versus the IP permit/block lists - what comes first?
3. I presume a more specific block (x.x.x.x/32) overrides a more general permit (x.x.x.0/24)? Can anyone verify this?
Issues:
1. I have a certain range added to the permit lists, but a user was trying to log in via that permitted range with a bad password. After 5 bad attempts cpHulk added that user's IP to the block list. Is there a way to add a range that never gets blocked by a more specific IP?
2. I am with GoDaddy, they have a service called "Nydus" that requires port 2224 in order for it to work. Nydus is their client portal "Dashboard" that checks the WHM for access to monitor services and general settings access (like a jump site) into WHM or the various cPanels hosted on the server. If Nydus can see/connect to my server on port 2224 all the "options" on the Dashboard are enabled, if it can't see the server, all the options are disabled. I have the following in my csf.allow file:
tcp|in|d=2224|s=10.26.0.0/16
tcp|in|d=2223|s=10.26.0.0/16
Last week we saw Nydus servers being blocked in the iptables so we whitelisted 10.26.0.0/18 to cpHulk and then Dashboard was able to work again. This week, with 10.16.0.0/18 being whitelisted in both cpHulk and CSF, the Dashboard is not working again. When CSF is enabled, the "Dashboard" Nydus service fails to connect/see my WHM, thus all the dashboard "options" are disabled. When I disable CSF, Nydus can see the server and all of the Dashboard "options" become available.
So, CSF is blocking Nydus even with the IPs and the Ports being whitelisted in both cpHulk and CSF. I don't see any blocks anywhere - what else do I need to look at or configure to ensure the GoDaddy Nydus server is able to connect to my WHM and doesn't get blocked?
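Added example, not part of the original post and not CSF's own code: a small Python check of which of the csf.allow lines quoted above cover a given source address and destination port. It assumes only the `proto|direction|d=port|s=network` layout of those two lines; the function names and the test addresses are constructed for illustration.

```python
import ipaddress

# The two csf.allow lines quoted in the post.
CSF_ALLOW = """\
tcp|in|d=2224|s=10.26.0.0/16
tcp|in|d=2223|s=10.26.0.0/16
"""

def parse_rules(text):
    """Parse lines shaped proto|direction|d=port|s=network (assumed layout)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # ignore comments and blank lines
        if not line:
            continue
        fields = line.split("|")
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: unexpected shape: {raw!r}")
        proto, direction, *pairs = fields
        opts = dict(p.split("=", 1) for p in pairs)  # {'d': port, 's': network}
        rules.append({
            "line": lineno,
            "proto": proto.lower(),
            "direction": direction.lower(),
            "dport": int(opts["d"]),
            "source": ipaddress.ip_network(opts["s"], strict=False),
        })
    return rules

def covering_rules(rules, src_ip, dport, proto="tcp"):
    """Return the inbound rules whose protocol, port and source network match."""
    ip = ipaddress.ip_address(src_ip)
    return [r for r in rules
            if r["proto"] == proto and r["direction"] == "in"
            and r["dport"] == dport and ip in r["source"]]

if __name__ == "__main__":
    rules = parse_rules(CSF_ALLOW)
    # Constructed test addresses, one in each range mentioned in the post.
    for src in ("10.26.5.9", "10.16.5.9"):
        hits = covering_rules(rules, src, 2224)
        lines = [r["line"] for r in hits] or "no matching allow line"
        print(f"{src} -> tcp/2224: {lines}")
```

Running it against the addresses actually seen in the firewall or cpHulk logs shows whether a blocked connection was ever covered by an allow line in the first place.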