[CSF+LFD, IPtables] Used CSF for limiting Port access on Remote Machine on CentOS-7-x64 to specific IPv4, NOT working?
Posted: 13 May 2021, 13:23
Remote Machine OS: CentOS-7-x64
Firewall GUI: CSF+LFD
Issue: Granting access to specific ports for selected IPs and a CIDR range on the remote machine (CentOS-7-x64) does not work, as no access is granted to those specific IPs?
Hiya,
I'm trying to Grant Access to specific ports on my Remote Server CentOS-7-x64 by specific IP and CIDR range but it's not functioning. I added lines to:
1-csf.allow as below:
tcp|in|d={Port-A}|s={IP-Alpha}
tcp|in|d={Port-A}|s={IP-Alpha/24}
tcp|out|d={Port-A}|s={IP-Alpha/24}
tcp|in|d={Port-A}|s={IP-Beta}
tcp|in|d={Port-A}|s={IP-Beta/24}
tcp|out|d={Port-A}|s={IP-Beta/24}
tcp|in|d={Port-A}|s={Server-IP}
tcp|out|d={Port-A}|s={Server-IP}
udp|in|d={Port-B}|s={IP-Alpha}
udp|in|d={Port-B}|s={IP-Alpha/24}
udp|out|d={Port-B}|s={IP-Alpha/24}
udp|in|d={Port-B}|s={IP-Beta}
udp|in|d={Port-B}|s={IP-Beta/24}
udp|out|d={Port-B}|s={IP-Beta/24}
udp|in|d={Port-B}|s={Server-IP}
udp|out|d={Port-B}|s={Server-IP}
2-csf.ignore as below:
tcp|in|d={Port-A}|s={IP-Alpha}
tcp|in|d={Port-A}|s={IP-Alpha/24}
tcp|out|d={Port-A}|s={IP-Alpha/24}
tcp|in|d={Port-A}|s={IP-Beta}
tcp|in|d={Port-A}|s={IP-Beta/24}
tcp|out|d={Port-A}|s={IP-Beta/24}
tcp|in|d={Port-A}|s={Server-IP}
tcp|out|d={Port-A}|s={Server-IP}
udp|in|d={Port-B}|s={IP-Alpha}
udp|in|d={Port-B}|s={IP-Alpha/24}
udp|out|d={Port-B}|s={IP-Alpha/24}
udp|in|d={Port-B}|s={IP-Beta}
udp|in|d={Port-B}|s={IP-Beta/24}
udp|out|d={Port-B}|s={IP-Beta/24}
udp|in|d={Port-B}|s={Server-IP}
udp|out|d={Port-B}|s={Server-IP}
3-
> csf -r
> csf -ra
4- shutdown the server and start the server again
But the settings are not working, as no access is granted to these specific IPs and IP range, neither to the specific application on the server nor to SSH; both the specific application and SSH remain inaccessible from the IPs that are whitelisted in CSF?
All of the server's allowed IPv4s in CSF are listed below:
TCP_IN= {DNSsec port, Specific application port(Port-C)}
TCP_OUT= {DNSsec port, Specific application port(Port-C)}
UDP_IN= {DNSsec port, Specific application port(Port-C), OpenVPN_Port, WireGuard_Port}
UDP_OUT= {DNSsec port, Specific application port(Port-C), OpenVPN_Port, WireGuard_Port}
I'm trying to allow access to the remote machine (CentOS-7-x64) so that I can reach my application on the server on Port-B (UDP) when I need it, and also occasionally update the server by accessing it through Port-A (the SSH port). But for security reasons, I don't want my server's application and my server's SSH port to be widely accessible, but only through a specific IP range, and this is not working for an unknown reason?
Could you please help me fix this issue, as I don't have access from these whitelisted IPs and IP range (CIDR) to the specific application or to SSH; neither of these ports (Port-A and Port-B) is accessible from the whitelisted IP and IP range?
Thanks and best of luck
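As an added example (not part of the original post and not CSF's own code), this sketch parses filter lines in the `proto|in/out|s/d=port|s/d=ip` layout used in the post and reports which lines match a given packet. It assumes `s` and `d` mean source and destination for both the port and the address field; the addresses and port 2222 are constructed stand-ins for {Server-IP}, {IP-Alpha} and {Port-A}.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    proto: str       # "tcp" or "udp"
    direction: str   # "in" or "out"
    port_side: str   # "s" = source port, "d" = destination port
    ports: frozenset
    addr_side: str   # "s" = source address, "d" = destination address
    net: ipaddress.IPv4Network

def parse_rule(line: str) -> Rule:
    """Parse one proto|in/out|s/d=port|s/d=ip line; raise ValueError if malformed."""
    fields = [f.strip() for f in line.split("|")]
    if len(fields) != 4:
        raise ValueError(f"expected 4 fields: {line!r}")
    proto, direction, port_f, addr_f = fields
    (p_side, p_val), (a_side, a_val) = (f.split("=", 1) for f in (port_f, addr_f))
    if (proto not in ("tcp", "udp") or direction not in ("in", "out")
            or p_side not in ("s", "d") or a_side not in ("s", "d")):
        raise ValueError(f"bad field in: {line!r}")
    ports = frozenset(int(p) for p in p_val.split(","))
    # strict=False accepts a host address with a prefix, e.g. 203.0.113.57/24
    return Rule(proto, direction, p_side, ports, a_side,
                ipaddress.ip_network(a_val, strict=False))

def matches(rule, proto, direction, src, sport, dst, dport) -> bool:
    """True if the packet satisfies every field of the rule."""
    port = sport if rule.port_side == "s" else dport
    addr = src if rule.addr_side == "s" else dst
    return (rule.proto == proto and rule.direction == direction
            and port in rule.ports and ipaddress.ip_address(addr) in rule.net)

# Constructed stand-ins for {Server-IP}, {IP-Alpha} and {Port-A} (assumptions).
SERVER, CLIENT, PORT_A = "198.51.100.10", "203.0.113.57", 2222
RULES = [parse_rule(line) for line in (
    f"tcp|in|d={PORT_A}|s={CLIENT}/24",
    f"tcp|out|d={PORT_A}|s={CLIENT}/24",
)]

def covering(proto, direction, src, sport, dst, dport):
    """Indexes of RULES that match the described packet."""
    return [i for i, r in enumerate(RULES)
            if matches(r, proto, direction, src, sport, dst, dport)]

if __name__ == "__main__":
    print("client -> server:", covering("tcp", "in", CLIENT, 40512, SERVER, PORT_A))
    print("server -> client:", covering("tcp", "out", SERVER, PORT_A, CLIENT, 40512))
```

Under the stated assumption, the inbound line matches the client's packet, while the `out` line with `s=` set to the client range matches no packet leaving the server, because such packets carry the server's address as their source.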