block ip range

hqn34

I'm receiving attacks from an IP range. I couldn't see the IP range on CSF, and I don't know how to block it. How can I do that?
 
And the attacker will use another IP range, so it's useless.

Better to tune your firewall and use automatic blocking.
 
Thank you @johannes!
I never use the GUI thing, odd that this is in the country blocking as one would expect country extensions there.
However, if it's possible via the GUI, it must also be possible via the command line.

So I checked, and indeed CC_DENY (country code deny) is used, so somehow CSF determines the country code based on the AS.

However, this might also go wrong.
Found this article:

But I think for specific things this might be very useful. Thank you!
 
Be careful when using CC_DENY, since tons of IP ranges will be imported for blocking, resulting in a huge reload time for csf. Best would be to set up C class netblock in its config so it automatically bans the whole C class.
 
Best would be to set up C class netblock in its config
You mean this one:
Code:
LF_NETBLOCK = "1"
LF_NETBLOCK_INTERVAL = "172800"
LF_NETBLOCK_COUNT = "3"
LF_NETBLOCK_CLASS = "C"
LF_NETBLOCK_ALERT = "1"
What would be a good value for the count? Is 3 good, or would you suggest another value?

As for CSF restart, I don't have issues myself with ipset installed; we have 10K IPs blocked and restarting csf is still short.
 
Yes, 3 - 5 is an OK value; I think 4 is the default.

I guess you understand what it means for a general-purpose server to filter all traffic through 10k IP rules, especially if there is a lot of traffic... so any way to reduce this is welcome.
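
Added example, not part of the thread and not CSF's own code: a simplified Python model of how the LF_NETBLOCK settings quoted above interact, useful for trying out a count value against past block events. It assumes distinct addresses are counted per network and that the block fires once the count is reached; the function name and sample events are constructed for illustration, and only IPv4 is handled.

```python
import ipaddress
from collections import defaultdict

# Values from the csf.conf snippet quoted in the thread.
LF_NETBLOCK_INTERVAL = 172800  # seconds (48 hours)
LF_NETBLOCK_COUNT = 3
LF_NETBLOCK_CLASS = "C"

PREFIX = {"A": 8, "B": 16, "C": 24}  # classful prefix lengths (IPv4)

def netblocks_to_deny(events, count=LF_NETBLOCK_COUNT,
                      interval=LF_NETBLOCK_INTERVAL, cls=LF_NETBLOCK_CLASS):
    """events: iterable of (unix_time, ipv4) for individual address blocks.
    Returns [(time, network)] in the order networks reach the threshold.
    Assumption: distinct addresses are counted, threshold test is >=."""
    seen = defaultdict(dict)  # network -> {ip: time of most recent block}
    denied, denied_nets = [], set()
    for ts, ip in sorted(events):
        net = ipaddress.ip_network(f"{ip}/{PREFIX[cls]}", strict=False)
        if net in denied_nets:
            continue  # whole range already blocked
        window = seen[net]
        window[ip] = ts
        # Forget addresses whose last block is older than the interval.
        for stale in [a for a, t in window.items() if ts - t > interval]:
            del window[stale]
        if len(window) >= count:
            denied.append((ts, str(net)))
            denied_nets.add(net)
    return denied

# Constructed sample events using documentation address ranges.
SAMPLE = [
    (0,      "203.0.113.10"),
    (3600,   "203.0.113.57"),
    (7200,   "198.51.100.4"),
    (90000,  "203.0.113.10"),   # repeat offender: still one distinct address
    (100000, "203.0.113.200"),  # third distinct address inside 48 hours
    (200000, "198.51.100.9"),   # first 198.51.100.x block has aged out
    (250000, "198.51.100.77"),
]

if __name__ == "__main__":
    for when, net in netblocks_to_deny(SAMPLE):
        print(f"t={when}: block {net}")
```

A range reported this way can be denied by hand with `csf -d` followed by the CIDR, which also covers the original question of blocking a known range.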
 