
Not A Bug centmin.sh Add CF range to "permitted"?

Discussion in 'Bug Reports' started by Tracy Perry, Jul 17, 2023.

  1. Tracy Perry

    Tracy Perry Active Member

    276
    115
    43
    Aug 24, 2014
    Texas
    Ratings:
    +205
    Local Time:
    11:53 PM
    1.21.6
    MariaDB 10.3.36
    I recently found a "guest" coming in from 198.41.144.253


    Screen Shot 2023-07-17 at 6.21.57 AM.png

    Apparently there is a new "valid" range for CF IPs that should be included in the Cloudflare config file?
    Code:
    198.41.144.0/22
     
  2. eva2000

    eva2000 Administrator Staff Member

    51,994
    11,976
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,473
    Local Time:
    2:53 PM
    Nginx 1.25.x
    MariaDB 10.x
    Which config file are you looking at locally?

    Seems it's already added to CSF Firewall - this is on test AlmaLinux 9 based Centmin Mod 130.00beta01 that I left alone with its auto setup cronjob that auto adds new Cloudflare IP ranges to CSF Firewall whitelisting.
    Code (Text):
    crontab -l | grep csfcf
    22 */12 * * * /usr/local/src/centminmod/tools/csfcf.sh auto >/dev/null 2>&1
    

    Ensure the cronjob was added by Centmin Mod's initial install that runs every 12hrs to add newly detected Cloudflare IP ranges.

    CSF Firewall grep IP shows range = 198.41.128.0/17 was auto added
    Code (Text):
    csf -g 198.41.144.253
    
    Table  Chain            num   pkts bytes target     prot opt in     out     source               destination       
    No matches found for 198.41.144.253 in iptables
    IPSET: Set:chain_ALLOW Match:198.41.144.253 Setting: File:/etc/csf/csf.allow
    ip6tables:
    Table  Chain            num   pkts bytes target     prot opt in     out     source               destination       
    No matches found for 198.41.144.253 in ip6tables
    
    Permanent Allows (csf.allow): 198.41.128.0/17 # cloudflare - Fri Jun  2 10:33:31 2023
    

    Confirming the IPv4 IPs currently used by Cloudflare and Centmin Mod via tools/csfcf.sh and I do see IP range 198.41.128.0/17
    Code (Text):
    /usr/local/src/centminmod/tools/csfcf.sh ipv4-only
    173.245.48.0/20
    103.21.244.0/22
    103.22.200.0/22
    103.31.4.0/22
    141.101.64.0/18
    108.162.192.0/18
    190.93.240.0/20
    188.114.96.0/20
    197.234.240.0/22
    198.41.128.0/17
    162.158.0.0/15
    104.16.0.0/13
    104.24.0.0/14
    172.64.0.0/13
    131.0.72.0/22
    

    And in auto generated cloudflare.conf include file
    Code (Text):
    cat /usr/local/nginx/conf/cloudflare.conf | grep 198.41
    set_real_ip_from 198.41.128.0/17;
    
     
  3. Tracy Perry

    May have caught it in an "in between" state... because it wasn't listed when I checked (and I manually all related cloudflare config files up. ;)
     
  4. eva2000

    Would depend on what you installed Centmin Mod as initial install would run tools/csfcf.sh once to populate
    /usr/local/nginx/conf/cloudflare.conf include file and setup cronjob.
     
  5. Tracy Perry

    Was when you first invited me to the AlmaLinux/Rocky beta a few months ago.
    But it was very likely (if the cron job is a regular sequence) before it got to run...
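
The first post asks about 198.41.144.0/22, while the CSF and nginx output in the reply lists 198.41.128.0/17, which already contains that range; a text search for `198.41.144` in cloudflare.conf finds nothing even though the address is covered. As an added example (not part of the thread and not Centmin Mod code), the script below checks CIDR containment against `set_real_ip_from` lines. The function names and the sample config are constructed for illustration, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example, not Centmin Mod code. POSIX sh, IPv4 only.

# Dotted-quad IPv4 -> 32-bit integer.
ip_to_int() {
  _old_ifs=$IFS; IFS=.
  set -- $1            # split the address on dots into $1..$4
  IFS=$_old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if IPv4 address $1 lies inside CIDR $2.
ip_in_cidr() {
  _ip=$(ip_to_int "$1")
  _net=$(ip_to_int "${2%/*}")
  _bits=${2#*/}
  if [ "$_bits" -eq 0 ]; then
    _mask=0
  else
    _mask=$(( (0xFFFFFFFF << (32 - $_bits)) & 0xFFFFFFFF ))
  fi
  [ $(( $_ip & $_mask )) -eq $(( $_net & $_mask )) ]
}

# Print the first IPv4 set_real_ip_from range in config file $2 that
# covers address $1; return 1 when no range covers it.
covering_range() {
  for _cidr in $(awk '$1 == "set_real_ip_from" && $2 ~ /^[0-9.]+\/[0-9]+;$/ {
                        sub(/;$/, "", $2); print $2 }' "$2"); do
    if ip_in_cidr "$1" "$_cidr"; then echo "$_cidr"; return 0; fi
  done
  return 1
}

# Constructed sample: a few of the ranges quoted in the thread, written in
# the set_real_ip_from form that cloudflare.conf uses.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 104.16.0.0/13;
EOF

# The "guest" address from the first post.
covering_range 198.41.144.253 "$SAMPLE_CONF"
```

On a live server the second argument would be the real include file, /usr/local/nginx/conf/cloudflare.conf.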