
Allow IP Range To Port in csf.allow

Posted: 10 Jan 2017, 22:41
by bsntech
First question:

How are the rules applied? Is the csf.deny applied first and then csf.allow - or is csf.allow applied first?

Here is my issue.

In the csf.allow file, I have IP ranges allowed for port 80 and port 443 - idea is to prevent them from being blocked:

tcp|in|d=80|s=1.1.1.0/24
tcp|in|d=443|s=1.1.1.0/24

However, computers within that range seem to have mis-configured mail clients. After so many failed attempts, they are getting permanently blocked in csf.deny.

Upon that happening, they no longer can get to port 80 or port 443 to access the website - which I always want to have available.

Do I have the configuration wrong?

Re: Allow IP Range To Port in csf.allow

Posted: 11 Jan 2017, 03:35
by sawbuck
If those ranges are trusted they can be added to csf.ignore.

Re: Allow IP Range To Port in csf.allow

Posted: 11 Jan 2017, 19:33
by bsntech
Don't exactly want to trust the range as I don't want them to be able to access some ports or brute force things like SSH.

Just want them to always be able to access port 80 and port 443. But if they are brute forcing SMTP or POP, those would be blocked upon trying to do so.

Re: Allow IP Range To Port in csf.allow

Posted: 16 Jan 2017, 19:48
by bsntech
No other ideas? I would think there has to be a way to ensure the csf.allow is called before the csf.deny, but it doesn't seem to be the case.

Re: Allow IP Range To Port in csf.allow

Posted: 09 Jun 2017, 18:08
by salfredogonzalez
I would like to know if those rules are useful. I am looking for the same answer, and the solution looks logical, but I am wondering if it is working for you.
Thanks,