Block port on certain IP

Posted: 03 Jun 2014, 20:48
by DanH42
I've got a server with multiple public-facing IPs, and I'd like certain services to only be bound on certain IPs. Services like SSH and FTP can simply be configured to only bind to a single interface, but I've got a couple stubborn ones that insist on binding to them all.

What I'm basically looking for is something like the TCP_IN option, but address-specific. For example, connections to 1.2.3.4:9000 are allowed, but connections to port 5.6.7.8:9000 are not.

What's the best way to do something like this? I can manage with either a black- or whitelisting solution.

Re: Block port on certain IP

Posted: 12 Jun 2014, 22:43
by DanH42
Solution from cPanel forums:
In /etc/csf/csf.deny:

tcp|in|d=2087|d=123.123.123.2
This would deny port 2087 on 123.123.123.2 but not other IPs allocated to the server. Create more rules to block other ports on other specific IP addresses.
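For the whitelisting case raised in the first post (a port reachable on one address only), the deny lines can be generated from the server's address list. This is an added example, not code from the thread or from CSF; the function names `is_ipv4` and `deny_rules` are hypothetical, the addresses are constructed documentation-range values, and it assumes IPv4 and TCP only.

```shell
#!/bin/sh
# Added example: build csf.deny advanced-filter lines (tcp|in|d=PORT|d=IP)
# that block one TCP port on every server address except the allowed one.

# Succeeds only for a dotted quad with four decimal octets in 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# usage: deny_rules PORT ALLOWED_IP SERVER_IP...
# Validates everything first, so output is all-or-nothing.
deny_rules() {
    port=$1
    allowed=$2
    shift 2
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2
        return 1
    fi
    for ip in "$allowed" "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        # The allowed address gets no deny line, so the port stays open there.
        [ "$ip" = "$allowed" ] && continue
        printf 'tcp|in|d=%s|d=%s\n' "$port" "$ip"
    done
}

# Constructed sample: port 9000 stays reachable on 192.0.2.10 only.
deny_rules 9000 192.0.2.10 192.0.2.10 192.0.2.11 198.51.100.7
```

Review the generated lines before appending them to /etc/csf/csf.deny, then reload the rules with `csf -r`.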