Dedicated IP and CSF/LFD (firewall) relation

ougogo

Hi all!

I have a cPanel server with IP 1.1.1.1.
I've given a dedicated IP to one customer: 2.2.2.2

I want to know if it is possible for a user to be banned from 1.1.1.1 while he can continue to access 2.2.2.2?
And vice versa?

Best regards,
Hugo
 

cPanelMichael

Administrator
Staff member
Hello :)

I have moved this thread to the "Security" forum on your behalf. Note that questions pertaining to specific firewall applications such as CSF will likely get more answers directly on the support forums of the application.

Thank you.
 

ougogo

Thanks.

You are certainly right.
But I think that CSF/LFD is used by a lot of cPanel users, so someone has certainly already asked the question.

Best regards,
Hugo
 

quizknows

Hugo,

I do not see a way to do this in the CSF documentation; I don't see a way to provide both source and destination IP to a rule, only one or the other. Consult the readme here:

http://configserver.com/free/csf/readme.txt

10. Advanced Allow/Deny Filters
###############################

In /etc/csf.allow and /etc/csf.deny you can add more complex port and ip
filters using the following format (you must specify a port AND an IP address):

tcp/udp|in/out|s/d=port|s/d=ip|u=uid

Broken down:

tcp/udp : EITHER tcp OR udp OR icmp protocol
in/out : EITHER incoming OR outgoing connections
s/d=port : EITHER source OR destination port number (or ICMP type)
(use a _ for a port range, e.g. 2000_3000)
s/d=ip : EITHER source OR destination IP address
u/g=UID : EITHER UID or GID of source packet, implies outgoing connections,
s/d=IP value is ignored

Note: ICMP filtering uses the "port" for s/d=port to set the ICMP type.
Whether you use s or d is not relevant as either simply uses the iptables
--icmp-type option. Use "iptables -p icmp -h" for a list of valid ICMP types.
Only one type per filter is supported

Examples:

# TCP connections inbound to port 3306 from IP 11.22.33.44
tcp|in|d=3306|s=11.22.33.44

# TCP connections outbound to port 22 on IP 11.22.33.44
tcp|out|d=22|d=11.22.33.44

Note: If omitted, the default protocol is set to "tcp", the default connection
direction is set to "in", so:

# TCP connections inbound to port 22 from IP 44.33.22.11
d=22|s=44.33.22.11

# TCP connections outbound to port 80 from UID 99
tcp|out|d=80||u=99

# ICMP connections inbound for type ping from 44.33.22.11
icmp|in|d=ping|s=44.33.22.11

# TCP connections inbound to port 22 from Dynamic DNS address
# ConfigServer Services (for use in csf.dyndns only)
tcp|in|d=22|s=www.configserver.com
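
The filter format quoted in the reply above, as an added example that is not part of the original posts and is not CSF's own parsing code: a small Python parser that applies the readme's stated defaults and shows that a line carrying both a source and a destination IP does not fit the format. The function name `parse_filter`, the dictionary layout and the source address 203.0.113.9 are assumptions made for illustration; how CSF itself treats such a line is not shown here.

```python
PROTOCOLS = {"tcp", "udp", "icmp"}
DIRECTIONS = {"in", "out"}

def parse_filter(line):
    """Parse one advanced filter line, applying the defaults the readme states."""
    rule = {"proto": "tcp", "direction": "in", "port": None, "ip": None, "owner": None}
    slots = []  # s=/d= fields in order: the first is the port, the second the IP
    for field in line.strip().split("|"):
        if not field:
            continue  # empty slot, as in tcp|out|d=80||u=99
        if field in PROTOCOLS:
            rule["proto"] = field
        elif field in DIRECTIONS:
            rule["direction"] = field
        elif field[:2] in ("s=", "d="):
            slots.append((field[0], field[2:]))
        elif field[:2] in ("u=", "g="):
            rule["owner"] = (field[0], int(field[2:]))
        else:
            raise ValueError(f"unrecognised field: {field!r}")
    if not slots:
        raise ValueError("a port (s= or d=) is required")
    if len(slots) > 2:
        raise ValueError("the format has one port slot and one IP slot only")
    rule["port"] = slots[0]
    rule["ip"] = slots[1] if len(slots) == 2 else None
    if rule["owner"]:
        # readme: u/g implies outgoing connections and the s/d=IP value is ignored
        rule["direction"], rule["ip"] = "out", None
    elif rule["ip"] is None:
        raise ValueError("an IP (s= or d=) is required unless u=/g= is given")
    return rule

# First four lines are the readme examples quoted above; the last is constructed
# to express "source X AND destination 2.2.2.2", which the format cannot hold.
SAMPLE = [
    "tcp|in|d=3306|s=11.22.33.44",
    "d=22|s=44.33.22.11",
    "tcp|out|d=80||u=99",
    "icmp|in|d=ping|s=44.33.22.11",
    "tcp|in|d=80|s=203.0.113.9|d=2.2.2.2",
]

if __name__ == "__main__":
    for line in SAMPLE:
        try:
            print(line, "->", parse_filter(line))
        except ValueError as err:
            print(line, "-> rejected:", err)
```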