Only local traffic

schmerold
Junior Member
Posts: 16
Joined: 15 Jun 2009, 18:50

Only local traffic

Post by schmerold »

We have a few servers that should only get local traffic. CC_ALLOW states that entering countries in the CC_ALLOW field opens all ports to all clients from that country.

That's not what we want to do; instead, we only want to permit US & CA clients to access these servers, but we want other restrictions and safeguards to remain in place.

Is there a way to do this in ConfigServer?
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

If I understand correctly, then it's not possible with csf itself. It would need a chain inserting into LOCALINPUT that contained rules for each CIDR for the specified CC which returned the check to the LOCALINPUT chain on a match. If no matches were made in the chain, then the final rule would be a DROP. You could do this using a csfpost.sh script and code in the chain yourself.

I'll consider it for a future modification as I can see how it would be useful.
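The chain described in the post above, sketched as an added example (not part of the thread and not csf's own code): it generates the per-CIDR RETURN rules, the final DROP and the hook into LOCALINPUT. The chain name `CC_LOCAL` and the sample CIDRs are assumptions; the source of the real country CIDR list is left to the reader.

```shell
#!/bin/sh
# Added example, not csf's own code. CHAIN and the sample CIDRs are
# hypothetical; LOCALINPUT and csfpost.sh are the names used in the post.
CHAIN="CC_LOCAL"

OCTET='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
CIDR_RE="^(${OCTET}\.){3}${OCTET}/([0-9]|[12][0-9]|3[0-2])\$"

# Only well-formed IPv4 CIDRs may reach a generated command line.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq "$CIDR_RE"
}

# Reads one CIDR per line on stdin ('#' starts a comment) and prints the
# iptables commands: a RETURN per CIDR, a final DROP, then the LOCALINPUT hook.
build_cc_chain() {
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    while IFS= read -r line || [ -n "$line" ]; do
        cidr=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$cidr" ] || continue
        if valid_cidr "$cidr"; then
            echo "iptables -A $CHAIN -s $cidr -j RETURN"
        else
            echo "skipped invalid entry: $cidr" >&2
        fi
    done
    echo "iptables -A $CHAIN -j DROP"
    # Appended rather than inserted, so whatever csf already placed in
    # LOCALINPUT is evaluated before this filter.
    echo "iptables -C LOCALINPUT -j $CHAIN 2>/dev/null || iptables -A LOCALINPUT -j $CHAIN"
}

# Constructed sample input (documentation ranges, not real country data).
sample_cidrs() {
    cat <<'EOF'
# allowed networks
192.0.2.0/24
198.51.100.0/24   # second block
203.0.113.300/24
not-a-cidr; reboot
EOF
}

# Dry run: print the commands. Pipe the output to sh from csfpost.sh to apply.
sample_cidrs | build_cc_chain
```

Because the chain ends in DROP, the management address used to reach the server has to be covered by one of the listed CIDRs or by an earlier allow rule before the output is applied.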
schmerold
Junior Member
Posts: 16
Joined: 15 Jun 2009, 18:50

CC_ALLOW_FILTER

Post by schmerold »

Chirpy: Thank you for CC_ALLOW_FILTER
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

I hope it's providing what you were looking for.