How to control limit outgoing traffic CSF Firewall

Discussion in 'Security' started by joaosavioli, Jun 10, 2018.

  1. joaosavioli

    joaosavioli Well-Known Member

    Hello,

    I had a problem last Friday when my server was used (maybe by a PHP script in a user account) to send a DDoS attack to UDP port 53 on another server.
    I fixed it by closing outgoing UDP port 53 to the world and opening it only to some DNS IPs that I need.

    The problem is that outgoing tcp ports like 80 and 443 are open, and this problem can happen in these outgoing ports.

    Is it possible to control the limit of packets going out on these ports using the CSF firewall? Any other ideas to help me?

    Cheers!
    Joao
     
  2. 24x7server

    24x7server Well-Known Member

    Hi,

    I have never seen this. You can limit the outgoing ports, but limiting IP is something that is not possible. You may have to check out with your DC whether a hardware firewall can do this for you.
     
  3. joaosavioli

    joaosavioli Well-Known Member

    Hi,

    Limiting by IP is easy. You can simply not open the port in csf.conf, and edit csf.allow to open it, like this:
    udp:out:d=53:d=8.8.8.8

    My question is about limiting traffic on outgoing TCP ports 80 and 443. Do you know if it is possible with custom iptables rules?

    Cheers!
    Joao
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    While CSF is third-party software and details on CSF configuration should be addressed within their forums here: ConfigServer Community Forum - Index page, the following in the CSF configuration may be helpful to you, as they address port flood protection and outgoing UDP flood protection:

    Code:
    # Port Flood Protection. This option configures iptables to offer protection
    # from DOS attacks against specific ports. This option limits the number of
    # new connections per time interval that can be made to specific ports
    #
    # This feature does not work on servers that do not have the iptables module
    # ipt_recent loaded. Typically, this will be with MONOLITHIC kernels. VPS
    # server admins should check with their VPS host provider that the iptables
    # module is included
    #
    # For further information and syntax refer to the Port Flood Protection
    # section of the csf readme.txt
    #
    # Note: Run /etc/csf/csftest.pl to check whether this option will function on
    # this server
    PORTFLOOD = ""
    
    # Outgoing UDP Flood Protection. This option limits outbound UDP packet floods.
    # These typically originate from exploit scripts uploaded through vulnerable
    # web scripts. Care should be taken on servers that use services that utilise
    # high levels of UDP outbound traffic, such as SNMP, so you may need to alter
    # the UDPFLOOD_LIMIT and UDPFLOOD_BURST options to suit your environment
    #
    # We recommend enabling User ID Tracking (UID_INTERVAL) with this feature
    UDPFLOOD = "0"
    UDPFLOOD_LIMIT = "100/s"
    UDPFLOOD_BURST = "500"
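
Added example (not part of any post in this thread and not ConfigServer's code): a small Python check that reads csf.conf and csf.allow text and flags the outbound UDP settings discussed above, namely port 53 left open to every destination in UDP_OUT and UDPFLOOD left disabled. The function names are hypothetical, and the sample UDP_OUT and UID_INTERVAL values are constructed for illustration.

```python
import re

# Constructed sample input: UDPFLOOD = "0" is the value quoted in the thread;
# the UDP_OUT and UID_INTERVAL values are assumed for illustration.
SAMPLE_CONF = '''
UDP_OUT = "20,21,53,113,123"
UDPFLOOD = "0"
UID_INTERVAL = "0"
'''
SAMPLE_ALLOW = "udp:out:d=53:d=8.8.8.8\n"  # filter form posted in the thread

def parse_conf(text):
    """Return {NAME: value} for every NAME = "value" line; comments are skipped."""
    return dict(re.findall(r'^[ \t]*([A-Z0-9_]+)[ \t]*=[ \t]*"([^"]*)"', text, re.M))

def ports(value):
    """Expand a csf port list such as "53,30000:35000" into a set of ints."""
    out = set()
    for item in filter(None, (p.strip() for p in value.split(","))):
        lo, _, hi = item.partition(":")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def allowed_udp_out(allow_text, port):
    """Destination IPs that csf.allow filters permit for outbound UDP to port."""
    ips = []
    for line in allow_text.splitlines():
        rule = line.split("#")[0].strip()
        f = rule.split("|" if "|" in rule else ":")  # ':' as in the thread, or '|'
        if len(f) == 4 and f[:3] == ["udp", "out", f"d={port}"] and f[3].startswith("d="):
            ips.append(f[3][2:])
    return ips

def audit(conf_text, allow_text):
    """Return findings about the outbound UDP settings discussed in the thread."""
    c, findings = parse_conf(conf_text), []
    if 53 in ports(c.get("UDP_OUT", "")):
        findings.append("UDP_OUT opens port 53 to every destination")
    elif not allowed_udp_out(allow_text, 53):
        findings.append("port 53 closed in UDP_OUT but no resolver allowed in csf.allow")
    if c.get("UDPFLOOD", "0") != "1":
        findings.append("UDPFLOOD is disabled")
    elif c.get("UID_INTERVAL", "0") == "0":
        findings.append("UDPFLOOD is on but UID_INTERVAL tracking is off")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_ALLOW):
        print("WARN:", finding)
```

On a real server, pass the contents of /etc/csf/csf.conf and /etc/csf/csf.allow to `audit()` instead of the constructed samples.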
     