I have a server that will be used for development tasks. So i want this server only accessible from Finland (for some ports only, all other ports will be blocked for anywhere). I tried lots of settings and couldn't make it working.
My configuration is below:
Code: Select all
TCP_IN = ""
UDP_IN = ""
FASTSTART = "0"
LF_IPSET = "1"
MM_LICENSE_KEY = "ABCDEFG12312"
CC_DENY = ""
CC_ALLOW = ""
CC_ALLOW_FILTER = ""
CC_ALLOW_PORTS = "FI"
CC_ALLOW_PORTS_TCP = "22,80,443"
Code: Select all
Oct 8 13:38:17 xyzzyz kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=xx:yy:zz SRC=xx.xx.xx.xx DST=yy.yy.yy.yy LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=63203 DF PROTO=TCP SPT=36078 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Code: Select all
root@dev /etc/csf # ls -l /var/lib/csf/Geo/
total 65860
-rw-r--r-- 1 root root 55 Oct 8 13:22 COPYRIGHT.txt
-rw-r--r-- 1 root root 21769135 Oct 8 13:22 GeoLite2-ASN-Blocks-IPv4.csv
-rw-r--r-- 1 root root 6680913 Oct 8 13:22 GeoLite2-ASN-Blocks-IPv6.csv
-rw-r--r-- 1 root root 18664809 Oct 8 13:22 GeoLite2-Country-Blocks-IPv4.csv
-rw-r--r-- 1 root root 20297930 Oct 8 13:22 GeoLite2-Country-Blocks-IPv6.csv
-rw-r--r-- 1 root root 9866 Oct 8 13:22 GeoLite2-Country-Locations-en.csv
-rw-r--r-- 1 root root 398 Oct 8 13:22 LICENSE.txt
Code: Select all
root@dev /etc/csf # csf -i xx.xx.xx.xx
xx.xx.xx.xx (FI/Finland/xyz.com)