edwardsmarkf
Junior Member
Posts: 32 Joined: 05 Oct 2013, 16:32
Post
by edwardsmarkf 03 Apr 2014, 06:28
hello all -
when i issue a command such as:
csf --deny 111.222.333.444 ;
do i also need to issue the command:
csf --restart ;
to make this IP number actually blocked?
i notice even though there is an IP ## in the csf.deny file, that IP can still reach our server.
es2alna
Junior Member
Posts: 1 Joined: 03 Apr 2014, 10:23
Contact:
Post
by es2alna 03 Apr 2014, 10:51
Hi,
Yes, you should restart CSF to take effect.
Note: You can use short commands like this
Code: Select all
csf -d #to deny
csf -a #to allow
csf -r #to restart
Thanks,
mt25
Junior Member
Posts: 18 Joined: 09 Sep 2008, 16:26
Post
by mt25 03 Apr 2014, 14:49
Strange. I don't recall ever having to restart CSF after doing a simple 'csf -d'. If CSF had to be restarted each time 'csf -d' was ran, that would impose a huge performance penalty on a server if brute force protection of services was in place.
edwardsmarkf
Junior Member
Posts: 32 Joined: 05 Oct 2013, 16:32
Post
by edwardsmarkf 03 Apr 2014, 15:23
quick test -- it appears that csf -r; (or for us newbies: csf --restart; ) is actually unnecessary.
Sergio
Junior Member
Posts: 1712 Joined: 12 Dec 2006, 14:56
Post
by Sergio 04 Apr 2014, 03:51
You don't need to do any restart when you are adding an IP to the firewall nor deleting it.
