Recreating WHM Host Access Control in CSF (for Alma Linux)
Posted: 19 Dec 2023, 21:20
I'm trying to migrate a WHM/cPanel server from CentOS 7 to Alma Linux 8. In Alma Linux, Host Access Control does not allow the same configuration as CentOS.
In CentOS Host Access Control you can select the Daemon, the IP(s), and Allow or Deny. So for example in my CentOS config I allow my IP to access SSHD and then I set the next rule to deny all other IPs to that same Daemon.
In Alma Linux host access config, you can only Allow a single IP to access a port per rule, and you can't put a comment next to the rule. So for example, cPanel support has (9) IPs that you have to whitelist if you want to allow them access to your server. So I would need to create (9) rules x (4) ports = 36 rules. Almost worse, there is no single table to enter them all, so you have to do it one by one. Then you have to try and figure out whose IPs you are allowing access since there is no way to put a comment to let you know. Bottom line, it sucks big time!
I would like to try and duplicate the CentOS Host Access Control in CSF on the Alma server. In CSF Firewall Allow IPs I set up rules such as:
Code:
tcp:in:d=22:s=123.123.123.123 # ssh
tcp:in:d=2087:s=123.123.123.123 # whm
tcp:in:d=2083:s=123.123.123.123 # cpanel
tcp:in:d=21:s=123.123.123.123 # FTP
MY QUESTION IS: How do I Deny all other IPs to those same ports?
I know under CSF Config there is a TCP_IN for Allow incoming TCP Ports. If I remove 22, 2087, 2083 and 21 from the port list, will I have effectively allowed my IP access and denied all other IPs?
Thank you for any help anyone can provide.
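An added example, not part of the original post: a check that takes the text of csf.conf and csf.allow and lists ports that have per-IP allow rules but are still open to every source because they remain in TCP_IN, plus a generator for commented per-IP rules. The config text is constructed sample data, the function names are hypothetical, and the parser assumes IPv4 sources and single destination ports.

```python
import ipaddress
import re

# Constructed sample data modelled on the rules quoted in the post.
SAMPLE_CONF = 'TCP_IN = "20,21,22,25,53,80,443,2083,2087,30000:35000"\n'
SAMPLE_ALLOW = """\
tcp:in:d=22:s=123.123.123.123 # ssh
tcp:in:d=2087:s=123.123.123.123 # whm
tcp:in:d=2083:s=123.123.123.123 # cpanel
tcp:in:d=21:s=123.123.123.123 # FTP
"""

def parse_tcp_in(conf_text):
    """Return (low, high) port ranges that TCP_IN opens to every source."""
    m = re.search(r'^\s*TCP_IN\s*=\s*"([^"]*)"', conf_text, re.M)
    ranges = []
    for item in (m.group(1).split(",") if m else []):
        item = item.strip()
        if item:
            lo, _, hi = item.partition(":")  # "30000:35000" is a range
            ranges.append((int(lo), int(hi or lo)))
    return ranges

def parse_allow(allow_text):
    """Return {port: [source, ...]} for inbound TCP per-IP allow rules."""
    restricted = {}
    for line in allow_text.splitlines():
        rule = line.split("#", 1)[0].strip()   # drop the trailing comment
        fields = re.split(r"[:|]", rule)       # colon or pipe separated
        if len(fields) != 4 or fields[:2] != ["tcp", "in"]:
            continue
        kv = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        if kv.get("d", "").isdigit() and "s" in kv:
            ipaddress.ip_network(kv["s"], strict=False)  # raises on a bad source
            restricted.setdefault(int(kv["d"]), []).append(kv["s"])
    return restricted

def still_open_to_all(conf_text, allow_text):
    """Ports with per-IP rules that TCP_IN still opens to everyone."""
    open_ranges = parse_tcp_in(conf_text)
    return sorted(p for p in parse_allow(allow_text)
                  if any(lo <= p <= hi for lo, hi in open_ranges))

def make_rules(sources, ports):
    """Build one commented rule line per (source IP, port) pair."""
    return [f"tcp:in:d={port}:s={ip} # {label} {name}"
            for label, ips in sources.items() for ip in ips
            for port, name in ports.items()]
```
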