Thread: CSF advanced rules
-
06-16-2014, 10:58 AM #1Disabled
- Join Date
- Jun 2005
- Posts
- 3,455
CSF advanced rules
To be honest, one of the things I dislike about CSF is that it's too basic in terms of adding an IP (all ports) or blocking it. I need to set up "per protocol, per IP, etc."
The readme explains you can have advanced rules:
tcp/udp|in/out|s/d=port|s/d=ip|u=uid
Broken down:
tcp/udp : EITHER tcp OR udp OR icmp protocol
in/out : EITHER incoming OR outgoing connections
s/d=port : EITHER source OR destination port number (or ICMP type)
(use a _ for a port range, e.g. 2000_3000)
s/d=ip : EITHER source OR destination IP address
u/g=UID : EITHER UID or GID of source packet, implies outgoing connections,
s/d=IP value is ignored
Examples:
# TCP connections inbound to port 3306 from IP 11.22.33.44
tcp|in|d=3306|s=11.22.33.44
Ok that is something, but it does not clarify if you can combine the options. Example both destination and source port, or in and out in the same rule:
Does CSF support this for example?
tcp|in|out|s=3306|d=4045|s=11.22.33.44
The readme does not say this and I could not find if this is supported.
I usually create them directly in iptables, but for some reason a server with CSF does not like rules directly in iptables anymore; they are ignored. So I assume you now have to do everything via CSF.
Is there a way to create advanced rules in CSF or if not, just tell it to read the rules from iptables and also use those?
-
06-16-2014, 11:04 AM #2Aspiring Evangelist
- Join Date
- Apr 2013
- Location
- Outskirts of Milky Way
- Posts
- 391
The Configserver folks are responsive to questions about their products through their support.
The Configserver Forums is also a good place to ask questions about CSF.
-
06-22-2014, 08:09 PM #3Web Hosting Master
- Join Date
- Nov 2004
- Location
- Australia
- Posts
- 1,737
At a guess I'd think this could work; the only way to know for sure is to test it.
Would be most grateful, if you do test it, if you could let us know the result here.
-
06-22-2014, 08:21 PM #4Web Hosting Master
- Join Date
- Oct 2012
- Location
- Europe and USA
- Posts
- 991
You can't combine in/out in one command, but you can run 2 separate commands.
For example
Code:
csf -d "tcp|in|d=4045|s=11.22.33.44"
csf -d "tcp|out|d=4045|d=11.22.33.44"
/etc/csf/csfpost.sh
CSF will run them automatically after it has finished starting, so they will not be ignored.
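A small linter for the advanced-rule syntax quoted in post #1, added here as an example; it is not part of the thread or of CSF itself. It assumes the quoted readme format is the whole grammar (one slot per field type), so a second port field is reported as outside that format, not as known-unsupported; `lint_rule` and its messages are hypothetical names.

```python
import ipaddress
import re

PORT_RE = re.compile(r"^\d+(_\d+)?$")  # port or ICMP type, or a range such as 2000_3000
LABELS = {"proto": "protocol", "dir": "direction", "port": "port", "ip": "IP", "id": "UID/GID"}

def lint_rule(rule):
    """Return the problems found in one advanced rule; [] means it fits the quoted format."""
    problems = []
    seen = {name: [] for name in LABELS}
    for field in rule.strip().split("|"):
        key, sep, value = field.partition("=")
        if field in ("tcp", "udp", "icmp"):
            seen["proto"].append(field)
        elif field in ("in", "out"):
            seen["dir"].append(field)
        elif sep and key in ("s", "d") and PORT_RE.match(value):
            low, high = int(value.split("_")[0]), int(value.split("_")[-1])
            if high > 65535 or low > high:
                problems.append(f"bad port or range: {field}")
            seen["port"].append(field)
        elif sep and key in ("s", "d"):
            try:
                # Assumption: anything Python parses as an IP or CIDR counts as an address.
                ipaddress.ip_network(value, strict=False)
                seen["ip"].append(field)
            except ValueError:
                problems.append(f"not a port or IP address: {field}")
        elif sep and key in ("u", "g") and value.isdigit():
            seen["id"].append(field)
        else:
            problems.append(f"unrecognised field: {field}")
    # The quoted format has one slot per field type; post #4 says in/out cannot be combined.
    for name, label in LABELS.items():
        if len(seen[name]) > 1:
            problems.append(f"more than one {label} field: {', '.join(seen[name])}")
    # Per the quoted readme, u=/g= implies outgoing and any s/d=IP value is ignored.
    if seen["id"] and "in" in seen["dir"]:
        problems.append("u=/g= only applies to outgoing connections")
    if seen["id"] and seen["ip"]:
        problems.append("s/d=IP is ignored when u=/g= is set")
    return problems

if __name__ == "__main__":
    # Constructed sample: the rules that appear in this thread.
    for rule in ("tcp|in|d=3306|s=11.22.33.44",
                 "tcp|in|out|s=3306|d=4045|s=11.22.33.44",
                 "tcp|out|d=4045|d=11.22.33.44"):
        print(rule, "->", lint_rule(rule) or "ok")
```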
-
06-22-2014, 11:17 PM #5Web Hosting Master
- Join Date
- Apr 2011
- Location
- Cybertron
- Posts
- 10,484
Have you been successful with this?
I've done it in the past and received no replies, although if you REALLY search, the answers are there.
I personally found WHT to be 1000% times faster with receiving help....of course after searching through and not finding an answer, which was probably posted many many times before.
-
06-25-2014, 08:22 PM #6Web Hosting Master
- Join Date
- Nov 2004
- Location
- Australia
- Posts
- 1,737
I guess it's down to the CSF forums being one person, compared to thousands of admins on WHT ... one person has only so much time, being human ...