ConfigServer Community Forum

Hi, I'm trying to allow all udp (multicast only) packets through the firewall. I wrote the following into /etc/csf/csfpost.sh: iptables -A ALLOWIN ! -i lo -m pkttype --pkt-type multicast -p udp -j ACCEPT iptables -A ALLOWIN ! -i lo -m pkttype --pkt-type multicast -p udplite -j ACCEPT iptables -A ALL...

Ok, this was azure related, not csf related. Azure monitors some of my ports for load-balancing. If i don't allow azure's ips too, the server seems closed to azure monitor, so their firewall (not csf) begin to drop packets to that target.

Thank you.

Output of csf --grep: Chain num pkts bytes target prot opt in out source destination ALLOWIN 2 1228 144K ACCEPT all -- !lo * xx.xx.xx.xx 0.0.0.0/0 ALLOWOUT 1 796 238K ACCEPT all -- * !lo 0.0.0.0/0 xx.xx.xx.xx ip6tables: Chain num pkts bytes target prot opt in out source destination No matches found ...

Sorry, it doesn't still work. I've just tested too quick after editing and restarting.

I managed it to work. I've got a comment after the ip in csf.allow separated by a tab instead a single space as documentation specify.

I've found this thread: viewtopic.php?t=1344&start=10... Does it help?

Hi, I've got an haproxy server with csf listening at port 2222 forwarding some ssh to a remote server on port 22 (inside a private VPN, that's why the haproxy is forwarding ssh). I've got our office ip into csf.allow, and port 22 in TCP_OUT in csf.conf. What i want is to not list port 2222 in TCP_IN...