The title is telling I guess. I'm wondering how to block ALL IPs in csf.deny except few trusted IPs? I've googled but could not find the answer.
Asked
Active
Viewed 3,437 times
1 Answers
3
The solution is not to deny all IPs (e.g. deny 0.0.0.0/0) but to allow only the specified static IPs or ranges. Then, the default action of CSF will be to DROP other traffic.
This same principle applies to other firewalls like iptables -- as long as the default action is "DROP," then all you need is allow rules.
Herringbone Cat
- 186
- 4
-
Would you please elaborate, what should I change in my csf.conf (if any) to set default to DROP? – Jand Jun 11 '15 at 20:08
-
Nothing! The default action is to DROP, so all you need to do is allow the IPs you want. – Herringbone Cat Jun 11 '15 at 20:16