Page 2 of 2

Re: Blocking connections without blocking e-mail

Posted: 23 Jun 2020, 22:39
by linux4me
The way I suggest doing it is to use CC_DENY_PORTS instead of CC_DENY.

Put the list of countries you want to block all but email in the CC_DENY_PORTS field, then add the ports you want to block into the CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP fields. You may only want to block the access to your sites via HTTP and HTTPS (80,443) and to SSH (22) and FTP (20,21).

Save your changes, restart csf and lfd, and you're good to go.

If you have other countries you want to block entirely, you can list them in CC_DENY.

Re: Blocking connections without blocking e-mail

Posted: 24 Jun 2020, 14:50
by JasGot
I would try this if it were reversed. I need to deny all. I can't list every port in that field.