My server has 4 IP addresses, one of which has come under the "Great Firewall of China" DDoS attack.
For the affected IP address (let's say it's 1.2.3.4), I want to block all port 80 traffic, so I created the following entry in csf.deny:
tcp|in|d=80|d=1.2.3.4
This works but not how I want. For example, I am able to successfully connect to port 80 (telnet 1.2.3.4 80). Then, only after I issue "GET /", do I see an immediate "Connection closed by foreign host."
What I want to see "Connection refused" when I try to connect.
Am I doing something wrong?
Advanced port+ip filter question
Re: Advanced port+ip filter question
Never mind, I'm an idiot. The rule works perfectly... the workstation that I testing from was whitelisted in csf.allow. Doh!