
bogon blocking only on some interfaces

Posted: 30 Dec 2011, 10:18
by oid
Hello, we are using lots of NAT in 10.0.0.0/8 for our servers. Is there a possibility to add bogon network blocking to only some interfaces?

For example, we have a public IP on eth0, but on eth1 and eth2 we have 10.0.0.0/8 addresses. On eth0 we want bogon network blocking.

Greetings from Holland and many thanks.

Re: bogon blocking only on some interfaces

Posted: 29 Sep 2017, 12:01
by postcd
As a noob, I bet this is not possible in CSF, unless you whitelist bogons in csf.ignore (in csf.allow too?) and then manually block them in iptables for a certain interface:
IN:
iptables -A INPUT -i eth0 -s BOGONIP -j DROP
OUT:
iptables -A OUTPUT -o eth0 -s BOGONIP -j DROP
I am probably wrong
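
The manual per-interface approach from the post above, generalized to a whole list, as an added example that is not part of the original thread and is not CSF code. The chain names BOGON_IN and BOGON_OUT, the sample list, and matching outbound traffic by destination are assumptions; the script only prints the commands.

```shell
#!/bin/sh
# Added example (not CSF code): print iptables commands that apply bogon
# drops only on the listed interfaces. Nothing is executed here.

# Constructed sample list; a real bogon list is longer and changes over time.
SAMPLE_BOGONS='# blank lines and comments are ignored
10.0.0.0/8
172.16.0.0/12

192.168.0.0/16
192.0.2.0/24   # TEST-NET-1
'

# Usage: gen_bogon_rules "eth0 [more ifaces]" < bogon-list
# Chain names BOGON_IN / BOGON_OUT are hypothetical.
gen_bogon_rules() {
    ifaces=$1
    for ifc in $ifaces; do
        case $ifc in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $ifc" >&2; return 1 ;;
        esac
    done
    echo "iptables -N BOGON_IN"
    echo "iptables -N BOGON_OUT"
    while IFS= read -r line || [ -n "$line" ]; do
        cidr=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$cidr" ] || continue
        # Loose a.b.c.d/len shape check so list content cannot inject shell
        # syntax into the generated commands.
        case $cidr in
            *[!0-9./]*|*/*/*) echo "skipped: $cidr" >&2; continue ;;
            *.*.*.*/*) ;;
            *) echo "skipped: $cidr" >&2; continue ;;
        esac
        echo "iptables -A BOGON_IN -s $cidr -j DROP"
        # Assumption: outbound filtering matches the bogon as destination.
        echo "iptables -A BOGON_OUT -d $cidr -j DROP"
    done
    # Only the listed interfaces jump into the bogon chains, so traffic on
    # the 10.0.0.0/8 interfaces (eth1, eth2 in the question) is untouched.
    for ifc in $ifaces; do
        echo "iptables -I INPUT -i $ifc -j BOGON_IN"
        echo "iptables -I OUTPUT -o $ifc -j BOGON_OUT"
    done
}

printf '%s' "$SAMPLE_BOGONS" | gen_bogon_rules "eth0"
```

Review the printed commands before running them as root; rules added by hand like this sit outside CSF's own rule set.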

Re: bogon blocking only on some interfaces

Posted: 30 Sep 2017, 12:11
by marcele
CSF already supports this. Look at LF_BOGON_SKIP in /etc/csf/csf.conf