Unable to block access from other IP to a specific port

hazhayder
Junior Member
Posts: 8
Joined: 23 Jan 2016, 08:25

Unable to block access from other IP to a specific port

Post by hazhayder »

Hello guys, I am trying to allow access to only one IP on a specific port on my server. After Googling I found something.
In csf.allow I have put this:

tcp|in|d=5080|s=x.x.x.x.x

After doing this I reloaded csf using csf -r, then used a proxy and asked a few of my friends; everyone is able to access it. What is the reason behind this?
Sergio
Junior Member
Posts: 1715
Joined: 12 Dec 2006, 14:56

Re: Unable to block access from other IP to a specific port

Post by Sergio »

What are your TCP / IN ports in the CSF configuration? Does port 5080 appear on that line?
hazhayder
Junior Member
Posts: 8
Joined: 23 Jan 2016, 08:25

Re: Unable to block access from other IP to a specific port

Post by hazhayder »

Sergio wrote: What are your TCP / IN ports in the CSF configuration? Does port 5080 appear on that line?

Yes, this port is in tcp_in as well as in tcp6_in.
Sergio
Junior Member
Posts: 1715
Joined: 12 Dec 2006, 14:56

Re: Unable to block access from other IP to a specific port

Post by Sergio »

OK, in order for only one IP to access that port, you should not write the port in TCP / IN.

The reason is that any port that you write in your TCP IN is allowed to be accessed by any IP, so if you don't write that port it means that the port is closed for everyone, and that is why you use:
tcp|in|d=5080|s=x.x.x.x.x
in csf.allow to let only that IP access the port.

So, delete port 5080 from TCP / IN and try again.
hazhayder
Junior Member
Posts: 8
Joined: 23 Jan 2016, 08:25

Re: Unable to block access from other IP to a specific port

Post by hazhayder »

Sergio wrote: OK, in order for only one IP to access that port, you should not write the port in TCP / IN.

The reason is that any port that you write in your TCP IN is allowed to be accessed by any IP, so if you don't write that port it means that the port is closed for everyone, and that is why you use:
tcp|in|d=5080|s=x.x.x.x.x
in csf.allow to let only that IP access the port.

So, delete port 5080 from TCP / IN and try again.

I have done what you said.
Now no one is able to connect to that port, not even the IP which is allowed to connect.
Also, whenever I try to access this port via the browser it says "Connection Timeout".
As per my knowledge, if the port is blocking other IPs it must say "Connection Refused".
Sergio
Junior Member
Posts: 1715
Joined: 12 Dec 2006, 14:56

Re: Unable to block access from other IP to a specific port

Post by Sergio »

hazhayder wrote: I have done what you said.
Now no one is able to connect to that port, not even the IP which is allowed to connect.
Also, whenever I try to access this port via the browser it says "Connection Timeout".
As per my knowledge, if the port is blocking other IPs it must say "Connection Refused".

You can read all the info inside CSF.CONFIG; there is a lot of interesting info in there.

In there you can read:
"Drop target for iptables rules. This can be set to either DROP or REJECT.
REJECT will send back an error packet, DROP will not respond at all. REJECT
is more polite, however it does provide extra information to a hacker and
lets them know that a firewall is blocking their attempts. DROP hangs their
connection, thereby frustrating attempts to port scan the server."

So, "Connection Timeout" is what you see if you have DROP = DROP, but if you want everybody to know that the port is blocked then you should change it to DROP = REJECT, which I don't recommend.

If your server is still refusing to accept that IP, please copy and paste a few log lines so we can see why it was blocked.
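The two points Sergio makes above (a port listed in TCP_IN is open to every source address, so a per-IP csf.allow entry only restricts access once the port is removed from TCP_IN; and the DROP setting decides whether a blocked client sees a timeout or a refusal) can be checked with a small model of that rule order. The script below is an added example and not CSF's own code; the csf.conf and csf.allow snippets in it are constructed, the addresses are documentation ranges, and the function names `parse_conf`, `parse_ports`, `parse_allow`, `verdict` and `client_sees` are this example's own. It assumes the evaluation order the thread describes: csf.allow entries first, then the TCP_IN ports, then the default DROP/REJECT target.

```python
# Added example: model how an inbound TCP connection is judged against
# csf.allow advanced entries, TCP_IN and the DROP setting (not CSF's code;
# it only reproduces the ordering the thread describes).
import ipaddress
import re

# Constructed csf.conf fragments: the "before" keeps 5080 in TCP_IN,
# the "after" removes it as the thread advises. Values are examples.
CSF_CONF_BEFORE = '''
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,5080"
DROP = "DROP"
'''
CSF_CONF_AFTER = '''
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
DROP = "DROP"
'''
# Constructed csf.allow content in the advanced "proto|flow|ports|ip" syntax.
CSF_ALLOW = '''
# allow only 203.0.113.10 to reach port 5080 (example address)
tcp|in|d=5080|s=203.0.113.10
'''


def parse_conf(text):
    """Pick up KEY = "value" lines from a csf.conf-style text."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'^\s*(\w+)\s*=\s*"([^"]*)"', line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf


def parse_ports(spec):
    """Expand a port list such as "22,80,1000:2000" into a set of ints."""
    ports = set()
    for item in spec.split(','):
        item = item.strip()
        if not item:
            continue
        if ':' in item:
            lo, hi = item.split(':', 1)
            ports.update(range(int(lo), int(hi) + 1))
        else:
            ports.add(int(item))
    return ports


def parse_allow(text):
    """Parse advanced csf.allow entries of the form proto|flow|d=ports|s=ip."""
    rules = []
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        if not line or '|' not in line:
            continue
        proto, flow, ports, ip = line.split('|')
        if not ports.startswith('d=') or not ip.startswith('s='):
            continue  # only destination-port / source-IP rules are modelled
        rules.append({
            'proto': proto,
            'flow': flow,
            'dports': parse_ports(ports[2:]),
            'src': ipaddress.ip_network(ip[2:], strict=False),
        })
    return rules


def verdict(conf_text, allow_text, src_ip, dport, proto='tcp'):
    """Return ACCEPT, DROP or REJECT for one inbound connection attempt."""
    conf = parse_conf(conf_text)
    src = ipaddress.ip_address(src_ip)
    # 1. csf.allow entries are evaluated first: a matching entry accepts.
    for r in parse_allow(allow_text):
        if (r['proto'] == proto and r['flow'] == 'in'
                and dport in r['dports'] and src in r['src']):
            return 'ACCEPT'
    # 2. Any port listed in TCP_IN is open to every source address.
    if proto == 'tcp' and dport in parse_ports(conf.get('TCP_IN', '')):
        return 'ACCEPT'
    # 3. Everything else hits the default target named by DROP.
    return conf.get('DROP', 'DROP')


def client_sees(v):
    """What the remote client observes for each verdict."""
    return {'ACCEPT': 'connected',
            'DROP': 'Connection Timeout',
            'REJECT': 'Connection Refused'}[v]


if __name__ == '__main__':
    for label, conf in (('5080 in TCP_IN', CSF_CONF_BEFORE),
                        ('5080 removed', CSF_CONF_AFTER)):
        for src in ('203.0.113.10', '198.51.100.7'):
            v = verdict(conf, CSF_ALLOW, src, 5080)
            print(f'{label}: {src} -> {v} ({client_sees(v)})')
```

With 5080 still in TCP_IN both addresses get ACCEPT, which is the behaviour the first post complains about; once it is removed only the csf.allow address connects, and everyone else times out under DROP = "DROP" or gets "Connection Refused" under DROP = "REJECT". The same reasoning applies to TCP6_IN for IPv6 clients.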
Mijou
Junior Member
Posts: 1
Joined: 11 Oct 2016, 18:02

Re: Unable to block access from other IP to a specific port

Post by Mijou »

Can I do the same trick, given that I have a proxy server constantly running? I need to use it constantly.