Firewall is banning some IPs that shouldn't be banned

hansvdput

Dear,

I have a DirectAdmin server on CentOS 6 running with:
ConfigServer Security & Firewall - csf v8.08

It seems really secure and all right.

But now I have a problem.

When a user tries to connect by FTP and types the password wrong 5 times, he is banned.
For some clients the DNS changed from another server to this one, so they automatically connect to this server before they could change the passwords.
Now these clients are getting banned for using the wrong credentials to log in to the mail address.

Is there any way I can select how many times someone can give a wrong answer before being banned?
And can I change the ban time?

They seem to get perma-banned, but is that necessary?

Thank you!
 
So the firewall is working as designed and banning IPs which should be banned.

You can change the amount, so you can set it to 10 tries instead of 5 tries. However, on DNS changes they still can be blocked. It's better to give your clients a notice to wait 24 hours before trying to use FTP again.

There is no need to be perma-banned. All settings can also be changed to a shorter period, like 15 minutes.

Go in your csf.conf and edit these:
Code:
LF_FTPD = "5"
LF_FTPD_PERM = "14400"
You could set LF_FTPD to 10 so they can make 10 wrong logins.
If LF_FTPD_PERM = 1 they will get banned permanently. If you want them to be banned for some time, put the number of seconds in there.
So, for example, 14400 = ban for 4 hours.

Also check that these are set like this:
Code:
LF_TRIGGER = "0"
LF_TRIGGER_PERM = "1"
This way you can trigger per app, so you can make the FTP setting like above.

And also check this one:
Code:
LF_PERMBLOCK = "1"
LF_PERMBLOCK_INTERVAL = "3"
LF_PERMBLOCK_COUNT = "x"
LF_PERMBLOCK_ALERT = "1"
Set it to the values you want. A value of LF_PERMBLOCK_INTERVAL means they will get a permanent ban after they have already had 3 temp bans in the last LF_PERMBLOCK_INTERVAL seconds.
You can set that to a short period, but I would advise using 48 or 72 hours (use seconds for the value).
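
A quick way to confirm what the FTP settings above amount to, added here as an example and not part of either post: the script reads a csf.conf-style file and reports the FTP failure threshold and whether the resulting block is permanent or temporary. The function names and the sample file are constructed for illustration; on a real server the file is /etc/csf/csf.conf.

```shell
#!/bin/sh
# Added example: summarise the FTP login-failure settings in a csf.conf-style file.

# Print the value of KEY = "value" from file $2 (last definition wins;
# commented-out lines are ignored because the match is anchored at line start).
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Describe a *_PERM value as used in the thread: 1 = permanent,
# anything larger = temporary block for that many seconds.
describe_perm() {
    case "$1" in
        ''|*[!0-9]*) echo "unset or non-numeric" ;;
        1) echo "permanent" ;;
        *) echo "temporary $1s ($(( $1 / 3600 ))h $(( $1 % 3600 / 60 ))m)" ;;
    esac
}

# One-line summary of the FTP trigger. Returns 1 when LF_TRIGGER is not "0",
# because the per-application values (LF_FTPD, LF_FTPD_PERM) then do not apply.
ftp_ban_summary() {
    local conf="$1" tries perm trigger
    tries=$(csf_get LF_FTPD "$conf")
    perm=$(csf_get LF_FTPD_PERM "$conf")
    trigger=$(csf_get LF_TRIGGER "$conf")
    if [ "$trigger" != "0" ]; then
        echo "LF_TRIGGER=$trigger: per-application FTP settings not in effect"
        return 1
    fi
    echo "ftp: block after $tries failures, $(describe_perm "$perm")"
}

# Constructed sample file using the values suggested in the thread.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# LF_FTPD = "5"   (old value, commented out)
LF_TRIGGER = "0"
LF_TRIGGER_PERM = "1"
LF_FTPD = "10"
LF_FTPD_PERM = "14400"
EOF
ftp_ban_summary "$demo"
rm -f "$demo"
```

Changes to csf.conf only take effect after csf and lfd are restarted.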
 