  1. #1
    Join Date
    Jun 2005
    Posts
    3,455

    CSF advanced rules

    To be honest, one of the things I dislike about CSF is that it's too basic in terms of adding an IP (all ports) or blocking it. I need to set up "per protocol, per IP, etc."

    The readme explains you can have advanced rules:

    tcp/udp|in/out|s/d=port|s/d=ip|u=uid

    Broken down:

    tcp/udp : EITHER tcp OR udp OR icmp protocol
    in/out : EITHER incoming OR outgoing connections
    s/d=port : EITHER source OR destination port number (or ICMP type)
    (use a _ for a port range, e.g. 2000_3000)
    s/d=ip : EITHER source OR destination IP address
    u/g=UID : EITHER UID or GID of source packet, implies outgoing connections,
    s/d=IP value is ignored

    Examples:

    # TCP connections inbound to port 3306 from IP 11.22.33.44
    tcp|in|d=3306|s=11.22.33.44

    OK, that is something, but it does not clarify if you can combine the options. For example, both destination and source port, or in and out in the same rule:

    Does CSF support this for example?

    tcp|in|out|s=3306|d=4045|s=11.22.33.44

    The readme does not say this and I could not find if this is supported.

    I usually create them directly in iptables, but for some reason servers with CSF do not like rules added directly in iptables anymore; they are ignored. So I assume you now have to do everything via CSF.

    Is there a way to create advanced rules in CSF or if not, just tell it to read the rules from iptables and also use those?

  2. #2
    Join Date
    Apr 2013
    Location
    Outskirts of Milky Way
    Posts
    391
    The Configserver folks are responsive to questions about their products through their support.

    The Configserver Forums is also a good place to ask questions about CSF.

  3. #3
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,737
    At a guess I'd think this could work; the only way to know for sure is to test it.

    Would be most grateful, if you do test it, if you could let us know the result here.

  4. #4
    Join Date
    Oct 2012
    Location
    Europe and USA
    Posts
    991
    You can't combine in/out in one command, but you can run 2 separate commands.
    For example

    Code:
    csf -d "tcp|in|d=4045|s=11.22.33.44"
    csf -d "tcp|out|d=4045|d=11.22.33.44"
    If you need advanced and complex iptables rules you can add them to /etc/csf/csfpost.sh

    CSF will run them automatically after it has finished starting, so they will not be ignored.
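
A small linter for the rule grammar quoted in the first post, added here as an example; it is not part of the thread or of CSF itself. It checks the two rules from post #1 and reproduces the per-direction split from post #4. Treating every "EITHER ... OR" field as once-per-rule and accepting CIDR blocks are assumptions, and only numeric ports or ICMP types are handled.

```python
import ipaddress
import re

PROTOS = {"tcp", "udp", "icmp"}
DIRECTIONS = {"in", "out"}
PORT_RE = re.compile(r"\d+(_\d+)?")  # single port/ICMP type, or a range like 2000_3000


def lint_rule(rule):
    """Return a list of problems with one advanced rule; [] means none found."""
    problems = []
    seen = {"protocol": [], "direction": [], "port": [], "ip": [], "uid/gid": []}
    for field in rule.strip().split("|"):
        key, sep, value = field.partition("=")
        if not sep and field in PROTOS:
            seen["protocol"].append(field)
        elif not sep and field in DIRECTIONS:
            seen["direction"].append(field)
        elif key in ("s", "d") and PORT_RE.fullmatch(value):
            seen["port"].append(field)
            bounds = [int(p) for p in value.split("_")]
            if max(bounds) > 65535 or bounds != sorted(bounds):
                problems.append(f"bad port or range: {field}")
        elif key in ("s", "d") and sep:
            seen["ip"].append(field)
            try:
                # Assumption: CIDR blocks are accepted as well as single addresses.
                ipaddress.ip_network(value, strict=False)
            except ValueError:
                problems.append(f"bad IP address: {field}")
        elif key in ("u", "g") and value.isdigit():
            seen["uid/gid"].append(field)
        else:
            problems.append(f"unrecognised field: {field}")
    # Assumption: each "EITHER ... OR" field may appear once per rule.
    for name, fields in seen.items():
        if len(fields) > 1:
            problems.append(f"{name} given {len(fields)} times: {', '.join(fields)}")
    if seen["uid/gid"] and "in" in seen["direction"]:
        problems.append("u/g implies outgoing connections, but rule says 'in'")
    return problems


def split_bidirectional(proto, port, ip):
    """One rule per direction, shaped like the two commands in post #4."""
    return [f"{proto}|in|d={port}|s={ip}", f"{proto}|out|d={port}|d={ip}"]


if __name__ == "__main__":
    for r in ["tcp|in|d=3306|s=11.22.33.44",
              "tcp|in|out|s=3306|d=4045|s=11.22.33.44"]:
        print(r, "->", lint_rule(r) or "ok")
```
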

  5. #5
    Join Date
    Apr 2011
    Location
    Cybertron
    Posts
    10,484
    Quote Originally Posted by edigest View Post
    The Configserver folks are responsive to questions about their products through their support.

    The Configserver Forums is also a good place to ask questions about CSF.
    Have you been successful with this?

    I've done it in the past and received no replies, although if you REALLY search, the answers are there.

    I personally found WHT to be 1000% times faster with receiving help... of course after searching through and not finding an answer, which was probably posted many many times before.

  6. #6
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,737
    I guess it's down to the CSF forums being one person, compared to thousands of admins on WHT ... one person has only so much time, being human ...
