Page 1 of 1

Use Bruteforce features of CSF/LFD behind hardware firewall

Posted: 09 Jan 2014, 07:14
by anthonysomerset
Hi there

we use CSF on most if not all of our servers on the internet, except when behind hardware firewalls

what i'd love to do is also setup csf/lfd on these devices as well, not for the firewall port blocking/acl as we manage this at the hardware firewall level, but for all the brute force blocking goodness

is it possible to configure CSF in such a way that it only blocks IP's when bruteforcing etc rather than create the full firewall ruleset which it normally creates which also blocks ports and requires to manage firewall rules in 2 places.

Re: Use Bruteforce features of CSF/LFD behind hardware firew

Posted: 09 Jan 2014, 08:35
by ForumAdmin
The simplest way would probably be to set TCP_IN/TCP_OUT UDP_IN/UDP_OUT to "0:65535" in csf.conf. This would allow free access to all ports except those IP addresses that are blocked by lfd.