I've got a server with multiple public-facing IPs, and I'd like certain services to only be bound on certain IPs. Services like SSH and FTP can simply be configured to only bind to a single interface, but I've got a couple stubborn ones that insist on binding to them all.
What I'm basically looking for is something like the TCP_IN option, but address-specific. For example, connections to 1.2.3.4:9000 are allowed, but connections to port 5.6.7.8:9000 are not.
What's the best way to do something like this? I can manage with either a black- or whitelisting solution.
Block port on certain IP
Re: Block port on certain IP
Solution from cPanel forums:
In /etc/csf/csf.deny:
tcp|in|d=2087|d=123.123.123.2
This would deny port 2087 on 123.123.123.2 but not other IPs allocated to the server. Create more rules to block other ports on other specific IP addresses.
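For the whitelisting case in the question (a service that binds to every address but should only be reachable on one), the deny lines can be generated rather than typed by hand. This is an added example, not part of the original posts or of csf itself: the function names and the third server address are made up for illustration, and it handles IPv4 only.

```python
import ipaddress

def deny_rules(server_ips, allowed_ips, port, proto="tcp"):
    """Build csf.deny advanced-filter lines that block `port` on every
    server address NOT listed in `allowed_ips` (whitelist approach)."""
    port = int(port)
    if proto not in ("tcp", "udp") or not 1 <= port <= 65535:
        raise ValueError("bad protocol or port")
    server = [ipaddress.IPv4Address(ip) for ip in server_ips]
    allowed = {ipaddress.IPv4Address(ip) for ip in allowed_ips}
    # A typo in the allow list would otherwise go unnoticed and leave the
    # service blocked on the address that was meant to stay open.
    stray = allowed - set(server)
    if stray:
        raise ValueError(f"not a server address: {sorted(map(str, stray))}")
    return [f"{proto}|in|d={port}|d={ip}" for ip in server if ip not in allowed]

def is_denied(rules, dst_ip, dst_port, proto="tcp"):
    """True if an inbound connection to dst_ip:dst_port matches a deny line."""
    wanted = [proto, "in", f"d={int(dst_port)}",
              f"d={ipaddress.IPv4Address(dst_ip)}"]
    return any(line.strip().split("|") == wanted for line in rules)

if __name__ == "__main__":
    # Constructed inventory: the two addresses from the question plus one
    # documentation-range address standing in for a third server IP.
    SERVER_IPS = ["1.2.3.4", "5.6.7.8", "192.0.2.10"]
    rules = deny_rules(SERVER_IPS, allowed_ips=["1.2.3.4"], port=9000)
    print("\n".join(rules))
    for ip in SERVER_IPS:
        state = "denied" if is_denied(rules, ip, 9000) else "allowed"
        print(f"{ip}:9000 -> {state}")
```

Append the printed lines to /etc/csf/csf.deny and restart the firewall with `csf -r` for them to take effect.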