[CSF+LFD, IPtables] Used CSF for limiting Port access on Remote Machine on CentOS-7-x64 to specific IPv4, NOT working?

Blonde
Junior Member
Posts: 2
Joined: 13 May 2021, 12:49

Post by Blonde »

Remote Machine OS: CentOS-7-x64

Firewall GUI: CSF+LFD

Issue: Granting access to specific Ports for selected IPs and a CIDR range on Remote Machine CentOS-7-x64 does not work, as no access is granted to those specific IPs?





Hiya,



I'm trying to Grant Access to specific ports on my Remote Server CentOS-7-x64 by specific IP and CIDR range but it's not functioning. I added lines to:

1- csf.allow as below:

Code:

tcp|in|d={Port-A}|s={IP-Alpha}
tcp|in|d={Port-A}|s={IP-Alpha/24}
tcp|out|d={Port-A}|s={IP-Alpha/24}
tcp|in|d={Port-A}|s={IP-Beta}
tcp|in|d={Port-A}|s={IP-Beta/24}
tcp|out|d={Port-A}|s={IP-Beta/24}
tcp|in|d={Port-A}|s={Server-IP}
tcp|out|d={Port-A}|s={Server-IP}
udp|in|d={Port-B}|s={IP-Alpha}
udp|in|d={Port-B}|s={IP-Alpha/24}
udp|out|d={Port-B}|s={IP-Alpha/24}
udp|in|d={Port-B}|s={IP-Beta}
udp|in|d={Port-B}|s={IP-Beta/24}
udp|out|d={Port-B}|s={IP-Beta/24}
udp|in|d={Port-B}|s={Server-IP}
udp|out|d={Port-B}|s={Server-IP}

2- csf.ignore as below:

Code:

tcp|in|d={Port-A}|s={IP-Alpha}
tcp|in|d={Port-A}|s={IP-Alpha/24}
tcp|out|d={Port-A}|s={IP-Alpha/24}
tcp|in|d={Port-A}|s={IP-Beta}
tcp|in|d={Port-A}|s={IP-Beta/24}
tcp|out|d={Port-A}|s={IP-Beta/24}
tcp|in|d={Port-A}|s={Server-IP}
tcp|out|d={Port-A}|s={Server-IP}
udp|in|d={Port-B}|s={IP-Alpha}
udp|in|d={Port-B}|s={IP-Alpha/24}
udp|out|d={Port-B}|s={IP-Alpha/24}
udp|in|d={Port-B}|s={IP-Beta}
udp|in|d={Port-B}|s={IP-Beta/24}
udp|out|d={Port-B}|s={IP-Beta/24}
udp|in|d={Port-B}|s={Server-IP}
udp|out|d={Port-B}|s={Server-IP}

3-
> csf -r
> csf -ra


4- shutdown the server and start the server again

But the settings are not working, as no access is granted to these specific IPs and IP range, neither to the specific Application on the server nor to SSH; both the specific application and SSH remain inaccessible from those IPs that are whitelisted by CSF?

All of the server's Allowed IPv4's in CSF are as listed below:

Code:

TCP_IN= {DNSsec port, Specific application port(Port-C)}

TCP_OUT= {DNSsec port, Specific application port(Port-C)}

UDP_IN= {DNSsec port, Specific application port(Port-C), OpenVPN_Port, WireGuard_Port}

UDP_OUT= {DNSsec port, Specific application port(Port-C), OpenVPN_Port, WireGuard_Port}


I'm trying to allow access to the Remote Machine CentOS-7-x64 for accessing my Application on the Server on Port-B (UDP) when I need it, and also for occasionally updating the server by accessing it through Port-A (SSH port). But for security reasons, I don't want my server's Application and my server's SSH port to be widely accessible, but only through a specific IP range, and this is not working for an unknown reason?

Could you please help me fix this issue, as I don't have access from these whitelisted IPs and IP range (CIDR) to the specific Application or to SSH, as neither of these ports (Port-A and Port-B) is accessible from the whitelisted IP and IP range?



Tnx and best of luck
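
As an added example (not part of the original posts and not ConfigServer's code), a small Python lint for advanced-filter lines like the ones posted above. It assumes the `proto|in/out|s/d=port|s/d=ip` layout described in CSF's readme; `lint_filter`, the server address and the sample lines are constructed for illustration.

```python
import ipaddress
import re

PORTS = re.compile(r"^\d+([_,]\d+)*$")  # 22, 2000_3000 (range), 80,443 (list)

def lint_filter(line, local_ips):
    """Return findings for one advanced-filter line (empty list = clean)."""
    fields = line.strip().split("|")
    if len(fields) not in (4, 5):  # an optional 5th u=/g= field is not checked
        return ["expected proto|in/out|s/d=port|s/d=ip"]
    proto, direction, port_f, ip_f = fields[:4]
    findings = []
    if proto not in ("tcp", "udp", "icmp"):
        findings.append(f"unknown protocol {proto!r}")
    if direction not in ("in", "out"):
        findings.append(f"unknown direction {direction!r}")
    pside, _, port = port_f.partition("=")
    if pside not in ("s", "d") or not PORTS.match(port):
        findings.append(f"bad port field {port_f!r}")
    iside, _, addr = ip_f.partition("=")
    try:
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return findings + [f"bad address field {ip_f!r}"]
    if iside not in ("s", "d"):
        return findings + [f"bad address field {ip_f!r}"]
    is_local = any(ipaddress.ip_address(ip) in net for ip in local_ips)
    # Inbound packets carry the remote peer as source; outbound packets carry
    # the server itself as source, so on "out" the remote peer belongs in d=.
    if direction == "out" and iside == "s" and not is_local:
        findings.append("out rule with remote s=: server-originated packets never match")
    if direction == "in" and iside == "d" and not is_local:
        findings.append("in rule with remote d=: packets addressed to the server never match")
    return findings

# Constructed sample (documentation address ranges), mirroring the posted layout.
SERVER = ["192.0.2.10"]
SAMPLE = [
    "tcp|in|d=22|s=203.0.113.0/24",
    "tcp|out|d=22|s=203.0.113.0/24",
    "udp|in|d={Port-B}|s=198.51.100.7",  # placeholder left in place of a port
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", lint_filter(entry, SERVER) or "ok")
```
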
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

Re: [CSF+LFD, IPtables] Used CSF for limiting Port access on Remote Machine on CentOS-7-x64 to specific IPv4, NOT workin

Post by Sergio »

Just as a test, try to give a 1 hour access to all ports to the specific IP using the "Temporary" option in CSF and check if that works.
Blonde
Junior Member
Posts: 2
Joined: 13 May 2021, 12:49

Re: [CSF+LFD, IPtables] Used CSF for limiting Port access on Remote Machine on CentOS-7-x64 to specific IPv4, NOT workin

Post by Blonde »

Sergio wrote: 19 May 2021, 05:35 Just as a test, try to give a 1 hour access to all ports to the specific IP using the "Temporary" option in CSF and check if that works.
Hiya @Sergio


Thanks. I don't know how to do this? If you could provide the code to execute, I'll screenshot the results back here, ok?

Tnx and best of luck
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

Re: [CSF+LFD, IPtables] Used CSF for limiting Port access on Remote Machine on CentOS-7-x64 to specific IPv4, NOT workin

Post by Sergio »

Go into the CSF GUI, then in the temporary DENY/ALLOW box, enter the IP.

Sergio