Deny and Allow

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
jimbo
Junior Member
Posts: 16
Joined: 10 Jan 2007, 15:29

Post by jimbo »

I read in another thread that the IP Allow overrides the IP Deny. I had a range of IP addresses in the IP DENY and a single IP address in the ALLOW. The single IP was still denied.

Example

DENY FILE

26.132.12.0/24 # Deny

ALLOW FILE

d=1111:s=26.132.12.200 # Allow

The IP 26.132.12.200 was still not able to log in until I removed the deny entry.
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

Do the following and check which IP comes first, the ALLOW or the DENY:

iptables -L INPUT -n | more
jimbo
Junior Member
Posts: 16
Joined: 10 Jan 2007, 15:29

Post by jimbo »

Chirpy,

The ACCEPT with the IP is listed above the DROP with the range.
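
The ordering check discussed in this thread, as an added example that is not part of the original posts: it walks an `iptables -L INPUT -n` listing top to bottom and reports the first terminating rule a given packet hits. The listing is constructed, `first_match` is a hypothetical helper name, and the mapping of the allow entry to a TCP rule limited to destination port 1111 is an assumption.

```python
import ipaddress
import re

# Constructed sample of `iptables -L INPUT -n` output mirroring the thread's
# entries. Assumption: the allow line d=1111:s=26.132.12.200 becomes an ACCEPT
# limited to TCP destination port 1111.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  26.132.12.200        0.0.0.0/0            tcp dpt:1111
DROP       all  --  26.132.12.0/24       0.0.0.0/0
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}            # targets that end traversal
PROTO_NUM = {"0": "all", "6": "tcp", "17": "udp"}  # newer iptables prints numbers


def first_match(listing, src_ip, proto, dport):
    """Return (rule_number, target) of the first terminating rule matching the
    packet, or None if it falls through to the chain policy. The destination
    address column is ignored and user-defined chains are not followed."""
    src = ipaddress.ip_address(src_ip)
    rule_no = 0
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] in ("Chain", "target"):
            continue  # blank line, chain header or column header
        rule_no += 1  # same numbering as --line-numbers
        target, rule_proto, _opt, source = fields[:4]
        if target not in TERMINAL:
            continue  # e.g. LOG, or a jump to another chain
        rule_proto = PROTO_NUM.get(rule_proto, rule_proto)
        if rule_proto not in ("all", proto):
            continue
        negated = source.startswith("!")
        net = ipaddress.ip_network(source.lstrip("!"), strict=False)
        if (src in net) == negated:
            continue  # source address does not match this rule
        port = re.search(r"\bdpt:(\d+)", line)
        if port and int(port.group(1)) != dport:
            continue  # rule is limited to a different destination port
        return rule_no, target
    return None


if __name__ == "__main__":
    for port in (1111, 22):
        print(port, first_match(SAMPLE, "26.132.12.200", "tcp", port))
```

On a live host, pass the captured output of `iptables -L INPUT -n` as `listing` and the port the client actually connects to as `dport`.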