
cannot block ports

Posted: 01 Mar 2017, 05:58
by social2912
Hi security guys,
Blocking ports doesn't seem to be working for me in CSF. I am also using CSF from the Webmin console.
I have removed port 80 from TCP_IN, UDP_IN, TCP6_IN, UDP6_IN and restarted it through csf -r.
Still, I can see 80 is not blocked yet from outside.
=======================
# ./csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

============

#csf -e
csf and lfd are not disabled!

#iptables -L | grep http
ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:http

Other details -
testing mode = disabled
rsyslog =3

=============

Thanks in advance :)

Re: cannot block ports

Posted: 05 Mar 2017, 09:50
by social2912
CSF guys,
I think you should write a recommended tutorial for CentOS 7, as it's not yet clear what to do with firewalld. It should be stopped and iptables-services needs to be installed, or just keeping firewalld would do.
However, without installing iptables-services, csftest.pl was showing positive results.
ALL METHODS NOT WORKING FOR ME. :(
Any leads, please?
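
An added diagnostic example, not part of the original posts and not CSF's own code: the `iptables -L | grep http` output above shows two ACCEPT rules for port 80 but not which chain holds them, which is what tells you whether CSF or another firewall manager such as firewalld loaded them. The function name and the sample rule set are constructed for illustration.

```shell
#!/bin/sh
# Added example: name the chain behind each ACCEPT rule for a TCP port.
# `iptables -L | grep http` hides the chain; `iptables -S` keeps it as field 2.

# Constructed sample of `iptables -S` output (not from the poster's server).
# The chain names are illustrative: LOCALINPUT is a chain csf creates,
# IN_public_allow is one firewalld creates on its iptables backend.
SAMPLE_RULES='-P INPUT DROP
-N LOCALINPUT
-N IN_public_allow
-A INPUT -j LOCALINPUT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT ! -i lo -p tcp -m multiport --dports 8080,8443,9000:9010 -j ACCEPT'

# accept_chains PORT
# Reads `iptables -S` text on stdin and prints, one per line, every chain
# holding a TCP ACCEPT rule whose --dport/--dports value covers PORT.
accept_chains() {
    awk -v want="$1" '
        # A port spec is either a single port or a low:high range.
        function covers(spec, p,    r) {
            if (split(spec, r, ":") == 2)
                return (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0)
            return (spec + 0 == p + 0)
        }
        $1 == "-A" && /-p tcp / && /-j ACCEPT/ {
            hit = 0
            for (i = 3; i < NF; i++) {
                if ($i == "--dport" && covers($(i + 1), want)) hit = 1
                if ($i == "--dports") {
                    n = split($(i + 1), list, ",")
                    for (k = 1; k <= n; k++)
                        if (covers(list[k], want)) hit = 1
                }
            }
            if (hit) print $2
        }' | LC_ALL=C sort -u
}

# Demo on the constructed sample: port 80 is accepted in two chains.
printf '%s\n' "$SAMPLE_RULES" | accept_chains 80
```

On a live host, run `iptables -S | accept_chains 80` as root (and the same against `ip6tables -S` for the TCP6_IN side). It only matches rules that name the port, so a blanket ACCEPT with no `--dport` will not show up.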