I just learned about CSF, and like the logging/blocking possibilities it gives me. However, it does not do the desired blocking.
The situation is as follows: I have a server with multiple IP addresses. I'm running Apache on one IP and SSH on another one (so hackers targeting my site have less chance to attack SSH or another service).
To the csf.allow I added:
tcp|in|d=80|d=xx.xx.xx.xx
tcp|in|d=22|d=xx.xx.xx.xy
However, in iptables the allow is added before the block, rendering it useless.
Chain LOCALINPUT (1 references)
num pkts bytes target prot opt in out source destination
1 1074 92873 ACCEPT tcp -- !lo * 0.0.0.0/0 xx.xx.xx.xy tcp dpt:22
2 34401 2163K ACCEPT tcp -- !lo * 0.0.0.0/0 xx.xx.xx.xx tcp dpt:80
3 0 0 DROP all -- !lo * xx.xx.xx.hacker1 0.0.0.0/0
4 0 0 DROP all -- !lo * xx.xx.xx.hacker2 0.0.0.0/0
Is there a way to reverse it?
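
Added example, not part of the original post: iptables walks a chain top to bottom and stops at the first matching ACCEPT or DROP, so a DROP listed after a broader ACCEPT never sees the traffic that ACCEPT already let through. The Python sketch below parses a listing in the layout shown above and reports each DROP rule that an earlier ACCEPT pre-empts. The addresses are constructed documentation-range stand-ins for the redacted ones, the function names are hypothetical, and it assumes protocols are printed by name and addresses are not negated.

```python
import ipaddress

# Constructed sample in the layout of `iptables -L LOCALINPUT -n -v --line-numbers`.
# 192.0.2.x stands in for the server IPs, 198.51.100.7 / 203.0.113.9 for blocked sources.
SAMPLE = """\
Chain LOCALINPUT (1 references)
num pkts bytes target prot opt in out source destination
1 1074 92873 ACCEPT tcp -- !lo * 0.0.0.0/0 192.0.2.11 tcp dpt:22
2 34401 2163K ACCEPT tcp -- !lo * 0.0.0.0/0 192.0.2.10 tcp dpt:80
3 0 0 DROP all -- !lo * 198.51.100.7 0.0.0.0/0
4 0 0 DROP all -- !lo * 203.0.113.9 0.0.0.0/0
"""

def parse_rules(listing):
    """Return one dict per rule line; chain and header lines are skipped."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 10 or not f[0].isdigit():
            continue
        try:
            src = ipaddress.ip_network(f[8], strict=False)
            dst = ipaddress.ip_network(f[9], strict=False)
        except ValueError:  # negated or non-numeric address: out of scope here
            continue
        rules.append({"num": int(f[0]), "target": f[3], "proto": f[4],
                      "src": src, "dst": dst, "match": " ".join(f[10:])})
    return rules

def preempted_drops(rules):
    """Map each DROP rule number to the earlier ACCEPT rules that match first."""
    findings = {}
    for i, drop in enumerate(rules):
        if drop["target"] != "DROP":
            continue
        hits = [a["num"] for a in rules[:i]
                if a["target"] == "ACCEPT"
                and a["src"].overlaps(drop["src"])
                and a["dst"].overlaps(drop["dst"])
                and (a["proto"] == drop["proto"] or "all" in (a["proto"], drop["proto"]))
                and (not a["match"] or not drop["match"] or a["match"] == drop["match"])]
        if hits:
            findings[drop["num"]] = hits
    return findings

if __name__ == "__main__":
    for num, accepts in preempted_drops(parse_rules(SAMPLE)).items():
        print(f"DROP rule {num} is pre-empted by ACCEPT rule(s) {accepts}")
```

An empty result means every DROP in the chain is evaluated before any ACCEPT that could overlap it.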