Search found 3 matches

by gr56rd
15 May 2019, 20:40
Forum: General Discussion (csf)
Topic: Adding port rules to csf.allow
Replies: 3
Views: 3866

Re: Adding port rules to csf.allow

On my test server I was able to get it to work by adding these rules to csf.allow:

tcp|in|s=80,443|s=1.1.1.1
tcp|out|d=80,443|d=1.1.1.1

Why would both be needed if csf is stateful (iptables underneath)? If an egress connection is initiated to 1.1.1.1:443 then bidirectional communication should be permi...

by gr56rd
15 May 2019, 20:05
Forum: General Discussion (csf)
Topic: Adding port rules to csf.allow
Replies: 3
Views: 3866

Re: Adding port rules to csf.allow

CSF is not honoring ip:port rules when the IP is also in a blocklist. It's critical that this work because many times legitimate IPs end up on blocklists and can break services. If an IP is in a blocklist then ip:port rules in csf.allow do not work to permit egress traffic. If just the ip is placed i...

by gr56rd
15 May 2019, 14:34
Forum: General Discussion (csf)
Topic: Adding port rules to csf.allow
Replies: 3
Views: 3866

Re: Adding port rules to csf.allow

Same problem here.

IPs that are in a csf.blocklist cannot be allowed through in csf.allow. They only work if added to tempallow.

Is this a bug?

How do we get these IPs in csf.allow to work even though they show up in a blocklist?