easy question about csf --deny

Posted: 03 Apr 2014, 06:28
by edwardsmarkf
hello all -

when i issue a command such as:
csf --deny 111.222.333.444 ;
do i also need to issue the command:
csf --restart ;
to make this IP number actually blocked?

i notice even though there is an IP ## in the csf.deny file, that IP can still reach our server.

Re: easy question about csf --deny

Posted: 03 Apr 2014, 10:51
by es2alna
Hi,

Yes, you should restart CSF for it to take effect.

Note: You can use short commands like this ;)

csf -d #to deny
csf -a #to allow
csf -r #to restart
Thanks,

Re: easy question about csf --deny

Posted: 03 Apr 2014, 14:49
by mt25
Strange. I don't recall ever having to restart CSF after doing a simple 'csf -d'. If CSF had to be restarted each time 'csf -d' was run, that would impose a huge performance penalty on a server if brute force protection of services was in place.

M

Re: easy question about csf --deny

Posted: 03 Apr 2014, 15:23
by edwardsmarkf
quick test -- it appears that csf -r; (or for us newbies: csf --restart; ) is actually unnecessary.

i just used an IP number from a VPN and blocked it, and the blocking appears to have worked without restarting.

now i wonder how my nasty wordpress hackers were able to reach wp-login.php even though their IP address was denied.....

Re: easy question about csf --deny

Posted: 04 Apr 2014, 03:51
by Sergio
You don't need to do any restart when you are adding an IP to the firewall or deleting it.

A CSF restart will only be needed when CSF has an update or when you need to set up your iptables rules again.
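
Added example, not part of any post in this thread: a way to check the situation described in the first post (an IP listed in the csf.deny file that can still reach the server) by comparing the deny file against the rules actually loaded. It assumes deny entries are loaded as individual iptables rules (not through ipset) and that the rules are supplied as `iptables -S` output; the function names and all sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# missing_denies DENY_FILE RULES_FILE
#   DENY_FILE  : a csf.deny-style file (one IP or CIDR per line, "#" comments)
#   RULES_FILE : saved output of `iptables -S`
# Prints every plain IP/CIDR deny entry that has no "-s <ip>" rule loaded.
missing_denies() {
    awk '
        src == "rules" {                  # collect every source match in the rule dump
            for (i = 1; i < NF; i++)
                if ($i == "-s") { ip = $(i + 1); sub(/\/32$/, "", ip); loaded[ip] = 1 }
            next
        }
        { sub(/#.*/, "") }                # drop comments in the deny file
        NF == 0 { next }                  # blank or comment-only line
        $1 ~ /[|]/ || tolower($1) == "include" { next }  # skip advanced filters and includes
        { ip = $1; sub(/\/32$/, "", ip); if (!(ip in loaded)) print ip }
    ' src=rules "$2" src=deny "$1"
}

# Runs the check on constructed sample data (documentation address ranges).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/csf.deny" <<'EOF'
# constructed sample deny file
192.0.2.10 # lfd: failed logins
198.51.100.0/24 # manual deny
203.0.113.9 # edited into the file by hand, never loaded
tcp|in|d=80|s=192.0.2.77
EOF
    cat > "$dir/rules" <<'EOF'
-A DENYIN -s 192.0.2.10/32 ! -i lo -j DROP
-A DENYOUT -d 192.0.2.10/32 ! -o lo -j DROP
-A DENYIN -s 198.51.100.0/24 ! -i lo -j DROP
EOF
    missing_denies "$dir/csf.deny" "$dir/rules"
    rm -rf "$dir"
}

demo   # prints the one entry that is in the file but not in the loaded rules
```

On a live server the inputs would be the real deny file and a fresh dump, for example `iptables -S > rules.txt`; an address that is loaded but still reaches the site usually means the traffic arrives from a different source address than the one denied, such as a proxy.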