Block IP - Is a CSF Reload Needed?

nigelpeck
Junior Member
Posts: 5
Joined: 15 Nov 2016, 19:26

Block IP - Is a CSF Reload Needed?

Post by nigelpeck »

I am looking at how to block IP addresses with CSF, and find that the following command suits my needs:

sudo csf -d 10.0.0.1 do not delete
The response that I get back from CSF seems to indicate that this has been added to iptables:

Adding 10.0.0.1 to csf.deny and iptables DROP...
DROP  all opt -- in !lo out *  10.0.0.1  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 10.0.0.1 
...which sounds like "csf -r" is not needed. Although this question on SO says otherwise. Is that correct? I don't need to reload csf after blocking an IP in this way?

Thanks.
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: Block IP - Is a CSF Reload Needed?

Post by ForumAdmin »

No, you do not need to restart csf after using the CLI commands to deny/allow IPs.
nigelpeck
Junior Member
Posts: 5
Joined: 15 Nov 2016, 19:26

Re: Block IP - Is a CSF Reload Needed?

Post by nigelpeck »

ForumAdmin wrote: 17 May 2017, 08:49 No, you do not need to restart csf after using the CLI commands to deny/allow IPs.
Thanks, that's good to know.
DanoGeorge
Junior Member
Posts: 1
Joined: 02 Jul 2019, 07:25

Re: Block IP - Is a CSF Reload Needed?

Post by DanoGeorge »

ForumAdmin wrote:
No, you do not need to restart csf after using the CLI commands to deny/allow IPs.
Hello,

Will an IP still be blocked by lfd when I allow the IP? How can I make lfd ignore IP addresses in the csf.allow file? Thanks.
MaXi32
Junior Member
Posts: 11
Joined: 13 Aug 2019, 03:26

Re: Block IP - Is a CSF Reload Needed?

Post by MaXi32 »

I can confirm to you that using csf -dr, you also need to restart csf, especially if the blocking rule is in CIDR form. For example, try to remove 1.1.1.0/24 from the list:

csf -dr 1.1.1.0/24

Now, if you don't restart and you try to add the same network CIDR:

csf -d 1.1.1.0/24

and csf will complain that the CIDR is already in the deny list, but it isn't.

I cannot reproduce this yet, but this happens randomly. So restarting should be safe.
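
As an added example (not part of the thread and not code from csf), this script checks for the mismatch discussed above by comparing csf.deny entries with the live inbound deny rules. The function names are hypothetical and the sample data is constructed; it assumes plain IPv4 entries, that inbound denies appear as `-s ADDR ... -j DROP` rules in a chain named DENYIN, and that LF_IPSET is not in use.

```shell
#!/bin/sh
# Added example: compare csf.deny with the live DENYIN chain to spot drift.
# Assumptions: plain IPv4 entries, chain name DENYIN, no ipset (LF_IPSET off).
export LC_ALL=C

# Print normalized IPv4 entries (always ADDR/MASK) from csf.deny text on stdin.
# Comments, advanced filters (containing "|") and non-IPv4 lines are skipped.
deny_entries() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    grep -E '^[0-9]+(\.[0-9]+){3}(/[0-9]+)?$' |
    sed -E 's#^([^/]+)$#\1/32#' | sort -u
}

# Print source addresses dropped in DENYIN from `iptables -S` output on stdin.
live_entries() {
    awk '$1=="-A" && $2=="DENYIN" && $NF=="DROP" {
        for (i=3; i<NF; i++) if ($i=="-s") print $(i+1) }' | sort -u
}

# drift DENY_TEXT RULES_TEXT: report entries present on one side only.
drift() {
    d=$(mktemp) l=$(mktemp)
    printf '%s\n' "$1" | deny_entries > "$d"
    printf '%s\n' "$2" | live_entries > "$l"
    comm -23 "$d" "$l" | sed 's/^/in csf.deny, not in iptables: /'
    comm -13 "$d" "$l" | sed 's/^/in iptables, not in csf.deny: /'
    rm -f "$d" "$l"
}

# Constructed sample: csf.deny after `csf -d 10.0.0.1 do not delete` plus a CIDR.
SAMPLE_DENY='# constructed csf.deny contents
10.0.0.1 # do not delete - Wed May 17 08:40:00 2017
1.1.1.0/24 # test block - Tue Aug 13 03:30:00 2019
tcp|in|d=22|s=192.0.2.7 # advanced filter, skipped by this check'

# Constructed sample: `iptables -S DENYIN` output where the /24 rule is missing
# and a rule for 198.51.100.9 has been left behind.
SAMPLE_RULES='-N DENYIN
-A DENYIN -s 10.0.0.1/32 ! -i lo -j DROP
-A DENYIN -s 198.51.100.9/32 ! -i lo -j DROP'

drift "$SAMPLE_DENY" "$SAMPLE_RULES"
```

On a live host, pass the contents of csf.deny and the output of `iptables -S DENYIN` as the two arguments; empty output means the file and the running rules agree, so no reload is needed to bring them back in sync.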