How to control/limit outgoing traffic with the CSF Firewall

joaosavioli

Well-Known Member
Feb 7, 2008
Hello,

I had a problem last Friday when my server was used (maybe by a PHP script in a user account) to send a DDoS attack to UDP port 53 on another server.
I fixed it by closing outgoing UDP port 53 to the world and opening it only to the few DNS IPs that I need.

The problem is that outgoing TCP ports like 80 and 443 are open, and the same problem can happen on these outgoing ports.

Is it possible to limit the packets going out through these ports using the CSF firewall? Any other ideas to help me?

Cheers!
Joao
 

24x7server

Well-Known Member
Apr 17, 2013
cPanel Access Level: Root Administrator
Hi,

Is it possible to limit the packets going out through these ports using the CSF firewall? Any other ideas to help me?
I have never seen this. You can limit the outgoing ports, but limiting by IP is something that is not possible. You may have to check with your DC whether a hardware firewall can do this for you.
 

joaosavioli

Well-Known Member
Feb 7, 2008
Hi,

Limiting by IP is easy. You just don't open the port in csf.conf, and edit csf.allow to open it, like this:
udp|out|d=53|d=8.8.8.8

My question is about limiting traffic on outgoing TCP ports 80 and 443. Do you know if it is possible with custom iptables rules?

Cheers!
Joao
 
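The custom iptables rules joaosavioli asks about, as an added example that is not from the thread or from ConfigServer: it limits only new outbound TCP connections (SYN packets) to ports 80 and 443, keyed per destination address with iptables' hashlimit match, logs what it drops together with the UID of the process that sent the packet (the LOG target's --log-uid option, which points straight at the abused account), and is meant to be called from /etc/csf/csfpost.sh, which csf runs after it has loaded its own rules. The OUTLIMIT_* chain names, the 20/sec rate, the burst of 50 and the port list are assumptions for the demo; the functions only print the commands until apply_outbound_limits is called as root.

```shell
#!/bin/sh
# Added example, not from the thread or from ConfigServer: rate-limit NEW
# outbound TCP connections to ports 80 and 443 per destination address with
# iptables' hashlimit match, logging what is dropped (with the sending UID).
# Intended to be called from /etc/csf/csfpost.sh, which csf runs after
# loading its own rules. IPT, LIMIT, BURST and PORTS are assumed values for
# the demo; tune them to the server's normal outbound traffic before use.

IPT=${IPT:-/sbin/iptables}
LIMIT=${LIMIT:-20/sec}     # sustained new connections per destination IP
BURST=${BURST:-50}         # burst allowed before limiting kicks in
PORTS=${PORTS:-"80 443"}

# outbound_limit_rules PORT -> prints the iptables commands for one port
# (dry run: nothing is applied, so this is safe to run unprivileged)
outbound_limit_rules() {
    port=$1
    chain="OUTLIMIT_$port"
    printf '%s\n' \
      "$IPT -N $chain" \
      "$IPT -A $chain -m hashlimit --hashlimit-name outlimit$port --hashlimit-mode dstip --hashlimit-upto $LIMIT --hashlimit-burst $BURST -j ACCEPT" \
      "$IPT -A $chain -m limit --limit 5/min -j LOG --log-uid --log-prefix \"$chain drop: \"" \
      "$IPT -A $chain -j DROP" \
      "$IPT -I OUTPUT -p tcp --syn --dport $port -j $chain"
}

# apply_outbound_limits -> installs the rules for every port in PORTS (needs root)
apply_outbound_limits() {
    for p in $PORTS; do
        outbound_limit_rules "$p" | while IFS= read -r rule; do
            eval "$rule"
        done
    done
}

# Dry run: show what would be loaded; call apply_outbound_limits from
# csfpost.sh to actually install it.
for p in $PORTS; do
    outbound_limit_rules "$p"
done
```

Matching on --syn means established downloads and long-lived connections are untouched; only the rate at which new connections are opened to any single destination is capped, which is the pattern of a script flooding one victim. Because the key is the destination address, a script that spreads its connections over many targets would need a different --hashlimit-mode, and the LOG line (visible in the kernel log) carries the UID so the offending account can be traced without guessing.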

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
cPanel Access Level: DataCenter Provider
While CSF is 3rd-party software and details of CSF configuration should be addressed on their forum here: ConfigServer Community Forum - Index page

The following options in the CSF configuration may be helpful to you, as they address port flood protection and outgoing UDP flood protection:

Code:
# Port Flood Protection. This option configures iptables to offer protection
# from DOS attacks against specific ports. This option limits the number of
# new connections per time interval that can be made to specific ports
#
# This feature does not work on servers that do not have the iptables module
# ipt_recent loaded. Typically, this will be with MONOLITHIC kernels. VPS
# server admins should check with their VPS host provider that the iptables
# module is included
#
# For further information and syntax refer to the Port Flood Protection
# section of the csf readme.txt
#
# Note: Run /etc/csf/csftest.pl to check whether this option will function on
# this server
PORTFLOOD = ""

# Outgoing UDP Flood Protection. This option limits outbound UDP packet floods.
# These typically originate from exploit scripts uploaded through vulnerable
# web scripts. Care should be taken on servers that use services that utilise
# high levels of UDP outbound traffic, such as SNMP, so you may need to alter
# the UDPFLOOD_LIMIT and UDPFLOOD_BURST options to suit your environment
#
# We recommend enabling User ID Tracking (UID_INTERVAL) with this feature
UDPFLOOD = "0"
UDPFLOOD_LIMIT = "100/s"
UDPFLOOD_BURST = "500"
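An added example, not from the thread or from ConfigServer, that audits which of the settings above are actually in effect on a server: it reads csf.conf, expands the PORTFLOOD entries (one port;proto;hits;seconds group per entry, entries separated by commas, as in the csf readme's example) and flags UDPFLOOD still at "0", the state in which a PHP script can flood outbound UDP exactly as in the opening post. The csf.conf content it writes is a constructed sample for the demo; point CSF_CONF at /etc/csf/csf.conf on a real server.

```shell
#!/bin/sh
# Added example, not from the thread or from ConfigServer: audit the flood
# settings in a csf.conf. The config text below is constructed for the demo;
# on a real server set CSF_CONF=/etc/csf/csf.conf instead.

CSF_CONF=${CSF_CONF:-${TMPDIR:-/tmp}/csf.conf.demo}
cat >"$CSF_CONF" <<'EOF'
# constructed sample: inbound PORTFLOOD set, outbound UDP flood protection off
PORTFLOOD = "22;tcp;5;300,80;tcp;20;5"
UDPFLOOD = "0"
UDPFLOOD_LIMIT = "100/s"
UDPFLOOD_BURST = "500"
EOF

# csf_get KEY FILE -> the quoted value of KEY, without the quotes
csf_get() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# parse_portflood VALUE -> one "port proto hits seconds" line per entry;
# entries are comma-separated, fields inside an entry are ';'-separated
parse_portflood() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -F';' 'NF == 4 { print $1, $2, $3, $4 }'
}

# audit_flood_settings FILE -> returns 0 only when outbound UDP flood
# protection is enabled; prints what it found either way
audit_flood_settings() {
    conf=$1
    parse_portflood "$(csf_get PORTFLOOD "$conf")" |
      while read -r port proto hits secs; do
        echo "PORTFLOOD: inbound $proto/$port limited to $hits new connections per $secs s"
      done
    if [ "$(csf_get UDPFLOOD "$conf")" = "1" ]; then
        echo "UDPFLOOD: on, $(csf_get UDPFLOOD_LIMIT "$conf") sustained, burst $(csf_get UDPFLOOD_BURST "$conf")"
        return 0
    fi
    echo "UDPFLOOD: off, outbound UDP floods are not rate-limited by csf"
    return 1
}

if audit_flood_settings "$CSF_CONF"; then
    echo "OK: outbound UDP flood protection active"
else
    echo "ACTION: set UDPFLOOD = \"1\" in csf.conf and reload with: csf -r"
fi
```

Note the asymmetry the audit makes visible: PORTFLOOD counts new connections arriving at the server's ports, so it would not have stopped the outbound attack described in the first post, whereas UDPFLOOD is the only one of the two that rate-limits traffic leaving the server. Neither covers outbound TCP to 80/443, which is why that case still needs custom rules. After changing either value, run /etc/csf/csftest.pl (as the comment block above says) to confirm the required iptables modules are loaded.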