Hi all,
this thread is to add working REGEX that we can share with the community. To add them to this sticky, you should have the regex working in your server, this thread is not intended to solve any issues related with no working regex, the intention is to give users of CSF REGEXs that could make CSF with more security options.
If you want to collaborate, please add your rule to this thread...
If you have one particular IP address that is either dropped or accepted through the firewall that you think should not be, then you can use the new WATCH_MODE in csf.
Before enabling this option and using the CLI command to watch an IP address, check whether it is explicitly listed first using:
csf --grep 11.22.33.44
Where 11.22.33.44 is the IP address you're tracking. If that comes back...
If you get iptables errors when trying to start csf on a VPS then you most likely have missing iptables modules for your VPS.
If your hosting provider wants to know how to configure iptables correctly on a VPS server, then you should point them to this Parallels FAQ and have them follow it (plus to add ip_conntrack_ftp to the list of required modules):
I have reported this issue in a different thread about 4 months ago but we still haven't solved the issue. We have two WHM/CPANEL servers that are running CentOS v7.9.2009. Both servers are running csf v14.12. Both servers were running fine for over 3 years until we migrated from Centos 6 to 7. Since then we have been experiencing and issue with CSF that blocks HTTP traffic to all accounts on the...
I have a few big subnets in my /etc/csf/csf.deny file, let's say for example something like this:
tcp|in|d=22,25,80,443|s=1.0.0.0/8
This will deny any traffic from that net, to the ports listed on my host. However I also experienced delivery issues to MX hosts in the blocked subnet (the connection times out), and I suspect it's because of the order of the iptables rule (replies from the...
I have created and tested a Global Filter to filter outbound emails in a cPanel account. The filter works when testing using the webmail client. When sending an email via SMTP authentication and an email client such as Outlook, the filter does not apply and the email goes through.
I am guessing this is due to csf having some sort of priority for SMTP connections and overriding the rules. Can...
I've noticed a behavior in CSF where temporary blocks issued via `csf -t` do not seem to respect the allow or ignore lists. This led to some unintended blocks of IPs that were explicitly allowed or ignored, which was not expected.
To mitigate this, I implemented a workaround where I first attempt to add a permanent block. If that fails due to the IP being on an allow or ignore list, no...
For some reason none of our cpanel accounts are receiving emails. Sending is working fine. All the correct ports are open in configuration. When CSF is disabled all emails are received and everything works fine. Also removed and reinstalled CSF and same issue. Any idea?
I'm trying to use CSF on a Digital Ocean (DO) VPS and I'd like to try managing it through WebMin. The VPS came with Uncomplicated Firewall (UFW) pre-installed.
The VPS just serves one website. I like using the DO firewall for blocking ports and allow-listing my home IP, and continue to use it for that.
The only reason I want to use CSF is to block inbound connections from the three...
Hi Team,
I am using ubuntu 24.04 server minimal using virtualmin pro
Replaced fail2ban with CSF. i keep getting bruteforce attacks or unsure what it is from mail logs please see below assist me with regex codes. apologies just a beginner
Hi,
Someone can be able to explain me why port 465 works on my CSF Firewall ? I don't have set this port in TCP_OUT and TCP6_OUT. When I use below command, it works.
openssl s_client -connect smtp.gmail.com:465
In CSF I found in Firewall Configuration these parameters but I don't know how they compare to TCP_OUT
SMTP_BLOCK = ON
SMTP_ALLOWLOCAL = ON
SMTP_PORTS = 25,465,587
Blocking countries in CC_DENY from Country Code Lists and Settings blocks access to some domains and their websites on the VPS.
We have to restart CSF to gain access, and so every time we are unable to access without making any changes to CC_DENY, we have to restart CSF again.
I have been grappling with understanding why some of my sites on my server are always sending me these suspicious process emails (via CSF) related to php-cgi and php-fpm. It appears to me that the issue most of the time is related to an outbound network connection the script has opened. In this specific instance, the remote connection is to 172.64.145.91:443 which is a CloudFlare...
Recently we've added the UptimeRobot IPs from to our CSF allow list (using Include of a separate file).
For each IP, we've added icmp|in|d=ping|s= and tcp|in|d=80,443|s= .
On some servers running CloudLinux 8 with cPanel, we've got this error after restarting CSF:
csf: IPSET creating set chain_ALLOW
csf: IPSET creating set chain_6_ALLOW
csf: FASTSTART loading csf.allow (IPv4)
csf: FASTSTART...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum