CIDR Blocks Deny not working
Posted: 17 Jul 2014, 16:00
by jcinfargo
Hello -
I am getting a lot of alerts of individual IPs that are being blocked even though I have a CIDR block set up to deny the block that would include the IP that is being blocked. I love Configserver and like that it is mostly working, but all the individual blocks are making me increase my Deny limit. This has been happening for several months now and I am running the latest version. Any assistance on this would be great.
Thank you.
Re: CIDR Blocks Deny not working
Posted: 17 Jul 2014, 23:37
by skate323k137
I've never seen an issue with this. Iptables rules should not be allowing those IPs to reach your server at all if csf.deny is properly formatted. Are you putting #"do not delete" next to the CIDR blocks so that they are not rotated out when the deny limit is reached?
Re: CIDR Blocks Deny not working
Posted: 10 Jul 2015, 09:54
by Solid_State
I'm having the same issue with CIDR ranges in csf.deny.
I thought I must have been doing something wrong.
From what I can see, /24 works, but /23 does not?
For example: in /etc/csf/csf.deny;
# This works perfectly;
81.92.113.0/24 # do not delete
81.92.114.0/24 # do not delete
# This doesn't block IPs from 81.92.114.xxx;
81.92.113.0/23 # do not delete
That said, I don't have too many addresses / ranges to block.
I'm extremely impressed with the product.
Don't know how I ever got along without it (installed CSF about six months ago).
Re: CIDR Blocks Deny not working
Posted: 10 Jul 2015, 10:01
by ForumAdmin
A CIDR block of 81.92.113.0/23 will block the IP range 81.92.112.0 - 81.92.113.255
You need to use a CIDR tool to accurately calculate your CIDRs, e.g.:
http://www.ipaddressguide.com/cidr
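The check described in the reply above can also be done offline. The following is an added example, not part of any post in this thread and not CSF code: it flags deny entries whose address is not the real network address of the prefix, and computes the CIDRs that cover an intended range. The function names and the sample text (built from the entries quoted in the thread) are assumptions for illustration.

```python
import ipaddress

# Constructed sample in csf.deny format, using the entries quoted in the thread.
SAMPLE_DENY = """\
81.92.113.0/24 # do not delete
81.92.114.0/24 # do not delete
81.92.113.0/23 # do not delete
"""

def audit_deny_lines(text):
    """Return (line_no, entry, effective_network, first_ip, last_ip) for every
    CIDR entry whose address is not the true network address of its prefix."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop the trailing comment
        if "/" not in entry:
            continue  # blank line, comment line, or single IP
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            continue  # not a plain address/prefix entry; skipped by this check
        net = iface.network  # the block the prefix length really selects
        if iface.ip != net.network_address:
            findings.append((line_no, entry, str(net), str(net[0]), str(net[-1])))
    return findings

def cidrs_for_range(first, last):
    """Smallest list of CIDR blocks that covers exactly first..last."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]

if __name__ == "__main__":
    for line_no, entry, net, lo, hi in audit_deny_lines(SAMPLE_DENY):
        print(f"line {line_no}: {entry} is really {net} ({lo} - {hi})")
    # The range the poster wanted to block (113.x and 114.x):
    print(cidrs_for_range("81.92.113.0", "81.92.114.255"))
```

Because 81.92.113.0 does not sit on a /23 boundary, the intended range cannot be written as one /23; it needs the two /24 entries.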
Re: CIDR Blocks Deny not working
Posted: 15 Jul 2015, 13:29
by Solid_State
Hi There,
"I thought I must have been doing something wrong".
... and I was. I'm an idiot :-)
I'll be more careful in future.
Thanks for the link.