csf and locked port specific

jose1310
Junior Member
Posts: 9
Joined: 13 Mar 2013, 14:39

csf and locked port specific

Post by jose1310 »

Is there any way to block an IP, but only HTTP traffic (port 80), so that other services still work?

For example, so that a certain IP cannot browse the site but email still works?

How can I do this with csf?

Sergio
Junior Member
Posts: 1687
Joined: 12 Dec 2006, 14:56

Re: csf and locked port specific

Post by Sergio »

The FIREWALL INFORMATION is the best way to look for this; as an example, in there you can read:
... csf.deny you can add more complex port and ip filters using the following format (you must specify a port AND an IP address):

tcp/udp|in/out|s/d=port|s/d=ip|u=uid

Broken down:

tcp/udp  : EITHER tcp OR udp OR icmp protocol
in/out   : EITHER incoming OR outgoing connections
s/d=port : EITHER source OR destination port number (or ICMP type)
           (use a _ for a port range, e.g. 2000_3000)
s/d=ip   : EITHER source OR destination IP address
u/g=UID  : EITHER UID or GID of source packet, implies outgoing connections,
           s/d=IP value is ignored

Examples:

# TCP connections inbound to port 3306 from IP 11.22.33.44
tcp|in|d=3306|s=11.22.33.44

# TCP connections outbound to port 22 on IP 11.22.33.44
tcp|out|d=22|d=11.22.33.44
...
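
Applied to the original question, the format quoted above gives a csf.deny line of the form tcp|in|d=80|s=IP, which blocks that source on port 80 only. The following is an added example, not part of the thread or of csf itself: a small checker for the four-field form (protocol, direction, port, IP) that builds that line. The function names are hypothetical, 192.0.2.10 is a constructed documentation address, and the checks cover only the forms shown in the quoted text, so they may be stricter than csf's own parser.

```python
import ipaddress

PROTOCOLS = {"tcp", "udp", "icmp"}
DIRECTIONS = {"in", "out"}


def _port_ok(value, proto):
    # One port, or a range written with "_" (e.g. 2000_3000).
    # For icmp the same field carries the numeric ICMP type.
    limit = 255 if proto == "icmp" else 65535
    parts = value.split("_")
    if len(parts) > 2 or not all(p.isdecimal() for p in parts):
        return False
    nums = [int(p) for p in parts]
    return nums == sorted(nums) and nums[-1] <= limit


def parse_filter(line):
    """Parse a four-field filter line; raise ValueError if malformed."""
    fields = line.strip().split("|")
    if len(fields) != 4:
        raise ValueError("need protocol, direction, port AND IP")
    proto, direction, port_f, ip_f = fields
    if proto not in PROTOCOLS:
        raise ValueError(f"bad protocol: {proto!r}")
    if direction not in DIRECTIONS:
        raise ValueError(f"bad direction: {direction!r}")
    p_side, _, port = port_f.partition("=")
    i_side, _, ip = ip_f.partition("=")
    if p_side not in ("s", "d") or i_side not in ("s", "d"):
        raise ValueError("port and IP fields must start with s= or d=")
    if not _port_ok(port, proto):
        raise ValueError(f"bad port or range: {port!r}")
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return {"proto": proto, "direction": direction,
            "port": (p_side, port), "ip": (i_side, ip)}


def block_inbound_port(ip, port, proto="tcp"):
    """Build the csf.deny line that blocks one source IP on one port only."""
    line = f"{proto}|in|d={port}|s={ip}"
    parse_filter(line)  # refuse to emit a line that fails the checks above
    return line


if __name__ == "__main__":
    # 192.0.2.10 is a constructed documentation address, not from the thread.
    print(block_inbound_port("192.0.2.10", 80))
```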