block IP range but allow individual IPs within range

logout
Junior Member
Posts: 14
Joined: 17 Jul 2017, 01:51


Post by logout »

On a normal web server where ports 80,443 are normally open to normal web traffic, we want to block a particularly nuisance IP range (for example 46.229.160.0/20) but allow access from an individual IP within that range (for example 46.229.160.1). Is this possible? It doesn't seem to be during my testing.
scotw
Junior Member
Posts: 3
Joined: 15 Nov 2017, 20:09

Re: block IP range but allow individual IPs within range

Post by scotw »

Probably too late. Can't believe no one answered this....

iptables rules go in order. So as long as the 'allow 46.229.160.1' was before the 'DENY 46.229.160.0/20', it would work. I'm not sure how CSF handles the order but you could put iptables rules in the correct order into the csfpost.sh file manually. That file gets loaded last I believe.

Upon viewing my iptables which is managed by CSF, it looks like 'chain in allow ' is before the deny rule. So simply put that IP in the csfallow and then put the other IP range in the csfdeny. Should allow in first for the one IP and all other IPs will hit the deny rule.
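
The rule-order point from the answer above, as an added example that is not part of the original posts or of CSF: a simplified first-match evaluator run over two constructed `iptables -S`-style listings that differ only in rule order. It models `-s` source matching in a single INPUT chain only; `parse_rules` and `verdict` are hypothetical helper names.

```python
import ipaddress
import shlex

# Constructed rule listings in `iptables -S` style; not taken from a real host.
ALLOW_FIRST = """\
-A INPUT -s 46.229.160.1/32 -j ACCEPT
-A INPUT -s 46.229.160.0/20 -j DROP
"""
DENY_FIRST = """\
-A INPUT -s 46.229.160.0/20 -j DROP
-A INPUT -s 46.229.160.1/32 -j ACCEPT
"""

# Targets that end traversal of the chain for a matching packet.
TERMINATING = {"ACCEPT", "DROP", "REJECT"}


def parse_rules(listing, chain="INPUT"):
    """Return [(source_network, target)] for the appended rules of one chain."""
    rules = []
    for line in listing.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", chain] or "-j" not in tokens:
            continue
        target = tokens[tokens.index("-j") + 1]
        # A rule without -s matches every source address.
        source = tokens[tokens.index("-s") + 1] if "-s" in tokens else "0.0.0.0/0"
        rules.append((ipaddress.ip_network(source, strict=False), target))
    return rules


def verdict(listing, src, policy="ACCEPT"):
    """The first terminating rule whose source matches decides; else the policy."""
    addr = ipaddress.ip_address(src)
    for network, target in parse_rules(listing):
        if addr in network and target in TERMINATING:
            return target
    return policy  # assumed chain policy when no rule matches


if __name__ == "__main__":
    for name, listing in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        for src in ("46.229.160.1", "46.229.170.9", "198.51.100.7"):
            print(f"{name:11} {src:15} -> {verdict(listing, src)}")
```

On a live host, the listing to feed in would come from `iptables -S`, after which the same check shows whether the single-IP allow is reached before the range deny.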