3

The title is telling I guess. I'm wondering how to block ALL IPs in csf.deny except few trusted IPs? I've googled but could not find the answer.

Jand
  • 213
  • 1
  • 4
  • 7

1 Answers1

3

The solution is not to deny all IPs (e.g. deny 0.0.0.0/0) but to allow only the specified static IPs or ranges. Then, the default action of CSF will be to DROP other traffic.

This same principle applies to other firewalls like iptables -- as long as the default action is "DROP," then all you need is allow rules.