bogon blocking only on some interfaces

3 posts Page 1 of 1
Junior Member
Posts: 1
Joined: 30 Dec 2011, 10:15

Hello, we are using lots of NAT for our servers. Is there a possibility to add bogon network blocking to only some interfaces?

Like we have a public IP on eth0, but on eth1 and eth2 we have addresses. On eth0 we want bogon network blocking.

Greetings from Holland and many thanks.
Junior Member
Posts: 47
Joined: 15 May 2014, 17:10

As a noob, I bet this is not possible in CSF, unless you whitelist bogons in csf.ignore (in csf.allow too?) and then manually block them in iptables for a certain interface:
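# Drop packets arriving on eth0 from a bogon source
iptables -A INPUT -i eth0 -s BOGONIP -j DROP
# OUTPUT cannot match -i; drop packets leaving eth0 to a bogon destination
iptables -A OUTPUT -o eth0 -d BOGONIP -j DROP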
I am probably wrong.
Junior Member
Posts: 155
Joined: 17 Sep 2007, 17:02

CSF already supports this. Look at LF_BOGON_SKIP in /etc/csf/csf.conf