Firewall
Beacontechnology uses CSF to manage the Linux firewall.
General Management
Whitelisting IPs
IPs can be whitelisted in two different ways: via the web interface or via SSH.
If using the web interface:
- Go to WHM > ConfigServer Security & Firewall
- Click the “csf” tab near the top, under the banners
- Under “csf - ConfigServer Firewall” click “Firewall Allow IPs”
- Add the IP and a comment to the list, in the same format as the existing entries
- Click Change
- Click Restart csf+lfd
If using shell/SSH:
- Edit /etc/csf/csf.allow
- Add entries like the others and save the file
- Run csf -ra to restart/reload CSF
Removing Banned IPs
CSF
While the server only allows whitelisted IPs to connect, it can still ban someone who is on the list if they try to log in too many times.
- Under WHM > ConfigServer Security & Firewall
- Go to: csf - ConfigServer Firewall
- Where it says: Search for IP, type in their IP and click Search.
- If something comes back, click Return
- Go to: csf - Quick Actions
- Type in the IP to Quick Unblock and click the button
cPHulk
cPHulk can also block IPs for various reasons.
To find blacklisted IPs:
- Go to: WHM > cPHulk Brute Force Protection
- Click “Blacklist Management”
- You should see all IPs blocked by cPHulk on this page
- If you want to remove an IP from the list, just click Delete and Continue
You can also whitelist IPs in cPHulk by going to the “Whitelist Management” page. If you are whitelisting yourself from your current machine, you can just click “Add to Whitelist” on the red box.
Installation General Information
Two main things need to be set up:
- CSF needs to be configured to not allow any ports
- IPs need to be added to the csf.allow list
Installation
The administrative security policy requires that only specified IPs are allowed to connect to the dev server. CSF is one of the most popular cPanel plugins to somewhat easily control the Linux firewall.
Click Here for the documentation to set up CSF.
Otherwise, run these commands:
  cd /root
  wget https://download.configserver.com/csf.tgz
  tar -xzf csf.tgz
  cd csf
  ./install.cpanel.sh
  # reboot server
  # Take CSF out of testing mode
  sed -ibak 's/^TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf
  # Remove every globally allowed inbound TCP port
  sed -r -ibak 's/^TCP_IN = "[0-9,]+"/TCP_IN = ""/' /etc/csf/csf.conf
  sync; csf -ra
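The sed commands above exit 0 even when their pattern matched nothing (for example, a TCP_IN value containing anything other than digits and commas is left unchanged), so it is worth checking the result before relying on the lockdown. The following is an added example, not part of the original page or of CSF itself; the function names are hypothetical, and it assumes csf.conf settings have the form KEY = "value" and csf.allow holds one entry per line with an optional trailing # comment.

```sh
#!/bin/sh
# Added example (not from the original page): verify the csf.conf lockdown
# and find csf.allow entries that were added without a comment.

# Print the value of the last KEY = "value" line; return 1 if KEY is absent.
csf_setting() {  # usage: csf_setting KEY FILE
    csf_line=$(grep -E "^$1[[:space:]]*=" "$2" | tail -n 1)
    [ -n "$csf_line" ] || return 1
    printf '%s\n' "$csf_line" | sed -E 's/^[^"]*"([^"]*)".*/\1/'
}

# Return 0 only if testing mode is off and TCP_IN is present and empty.
csf_lockdown_ok() {  # usage: csf_lockdown_ok [FILE]
    csf_conf=${1:-/etc/csf/csf.conf}
    csf_rc=0
    if ! csf_testing=$(csf_setting TESTING "$csf_conf") || [ "$csf_testing" != "0" ]; then
        echo "FAIL: TESTING is not \"0\" in $csf_conf" >&2
        csf_rc=1
    fi
    if ! csf_tcp_in=$(csf_setting TCP_IN "$csf_conf") || [ -n "$csf_tcp_in" ]; then
        echo "FAIL: TCP_IN is missing or still lists ports: $csf_tcp_in" >&2
        csf_rc=1
    fi
    return "$csf_rc"
}

# Print csf.allow entries that carry no "# comment" saying who they belong to.
csf_allow_uncommented() {  # usage: csf_allow_uncommented [FILE]
    grep -v -E '^[[:space:]]*(#|$)' "${1:-/etc/csf/csf.allow}" | grep -v '#' || true
}
```

After sourcing the file, run csf_lockdown_ok and csf_allow_uncommented with no arguments to check the live /etc/csf files.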