
How to block specific port from all country except one

Posted: 02 Mar 2014, 05:48
by Gaurav
Hi There,

Recently been hit by a distributed attack from many geo locations on SMTP, system, FTP etc.

I tried and liked CC_ALLOW_FILTER = "" and added my country there and it was great, but a little later realized that this blocks everyone (great) on all ports (including port 80).

Wondering if there is any way to block all ports except 80 from everywhere except my country?

Re: How to block specific port from all country except one

Posted: 06 Mar 2014, 14:11
by barkster28
I'm no expert, but I was doing something similar by adding this to the firewall allow IPs:

tcp:in:d=80:s=0.0.0.0/0
udp:in:d=53:s=0.0.0.0/0
tcp:out:s=80:d=0.0.0.0/0
udp:out:s=53:d=0.0.0.0/0

Re: How to block specific port from all country except one

Posted: 10 Mar 2014, 07:47
by Gaurav
Thanks Barkster, for the great advice. It worked perfectly.

But the sad part is that when I restrict the whole world except my country for SSH, WHM and cPanel ports, I am also blocked out now. Looks like the CSF country db is not updated regularly. Any idea on how to deal with this issue now, any back door to enter and remove that CC allow filter setting?

Note for others: Always whitelist your current IP before trying new changes.

Re: How to block specific port from all country except one

Posted: 10 Mar 2014, 07:50
by Gaurav
I entered with format "XX,XX,XX" as I wanted to add three countries to exclude as an exception and block all others. Hope my format is correct without spaces.....?

Re: How to block specific port from all country except one

Posted: 12 Mar 2014, 13:01
by barkster28
Yeah, I've locked myself out before also, but I'm not blocking everything like you; I block only what I want to. Sorry I'm not much help, I'm not very good at Linux.

Re: How to block specific port from all country except one

Posted: 08 Jul 2015, 23:40
by ITGabs
There are two possibilities

Case 1

This is the answer, but it is not a good idea since country code ranges are not accurate, may fail or take a long time to update, resulting in annoying blocks.

Example: allow incoming SMTP, HTTP, HTTPS to everyone and allow other services like FTP, SSH, POP3, IMAP, DNS etc. to the following countries: USA, Thailand and New Zealand

TCP_IN = "25,80,443"
CC_ALLOW_PORTS = "US,TH,NZ"
CC_ALLOW_PORTS_TCP = "20,21,22,53,110,143,465,587,993,995"
CC_ALLOW_PORTS_UDP = "20,21,53"

Note: Ports in CC_ALLOW_PORTS_TCP/UDP should be removed from TCP_IN/UDP_IN to block access from elsewhere.

Case 2 (recommended)

Block a few countries but still allow them to reach some ports.
Example: Block China, Russia and Nigeria except HTTP and HTTPS

CC_DENY_PORTS = "NG,CN,RU"
CC_DENY_PORTS_TCP = "1:79,81:442,444:65535"
CC_DENY_PORTS_UDP = "1:65535"
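
A pre-flight check for the two cases above, as an added example that is not part of the original thread or of CSF itself. It assumes the csf.conf syntax KEY = "value" seen in the first post and models only the settings named in this thread (not csf.allow entries or other rules); the sample config is constructed, with port 22 deliberately left in TCP_IN to show the mistake the Case 1 note warns about.

```python
import re

# Constructed sample in csf.conf syntax (KEY = "value"); values follow the two
# cases in the thread, with 22 wrongly left in TCP_IN to trigger the warning.
SAMPLE_CONF = '''
TCP_IN = "22,25,80,443"
UDP_IN = ""
CC_ALLOW_PORTS = "US,TH,NZ"
CC_ALLOW_PORTS_TCP = "20,21,22,53,110,143,465,587,993,995"
CC_ALLOW_PORTS_UDP = "20,21,53"
CC_DENY_PORTS = "NG,CN,RU"
CC_DENY_PORTS_TCP = "1:79,81:442,444:65535"
CC_DENY_PORTS_UDP = "1:65535"
'''

def parse_conf(text):
    """Return {KEY: value} for every KEY = "value" line; comment lines are skipped."""
    return dict(re.findall(r'^[ \t]*([A-Z0-9_]+)[ \t]*=[ \t]*"([^"]*)"', text, re.M))

def expand_ports(spec):
    """Expand a port list such as "25,81:442" (colon = range) into a set of ints."""
    ports = set()
    for item in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = item.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def leaked_ports(conf, proto):
    """Case 1: ports meant to be country-restricted but still open to everyone."""
    open_all = expand_ports(conf.get(f"{proto}_IN", ""))
    restricted = expand_ports(conf.get(f"CC_ALLOW_PORTS_{proto}", ""))
    return sorted(open_all & restricted)

def reachable_from_denied(conf, proto):
    """Case 2: ports in *_IN that the CC_DENY_PORTS countries can still reach."""
    open_all = expand_ports(conf.get(f"{proto}_IN", ""))
    denied = expand_ports(conf.get(f"CC_DENY_PORTS_{proto}", ""))
    return sorted(open_all - denied)

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for proto in ("TCP", "UDP"):
        print(proto, "open to all but listed in CC_ALLOW_PORTS:", leaked_ports(conf, proto))
        print(proto, "reachable from CC_DENY_PORTS countries:", reachable_from_denied(conf, proto))
```

Any port reported by leaked_ports should be removed from TCP_IN/UDP_IN, and the Case 2 output should list only the ports intended to stay public.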