CSF block all except csf.dyndns

Discussion in 'System Administration' started by Guilherme Jaccoud, Oct 20, 2014.

  1. Guilherme Jaccoud

    Hello,


    I have an admin server which is the only machine allowed to ssh into my web servers. I would like to block all incoming connections to the admin server using CSF firewall, except to myself :D

    Since my IP is dynamic and CSF allows dynamic DNS, I have a script that uses the CloudFlare API to update the A record of the hostname (myself.mydomain.com) whitelisted in /etc/csf/csf.dyndns.

    Code:
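    #!/bin/sh
    
    SH_DIR="/Users/$USER/_bash"                         # directory holding the script and its log
    OLD_IP=$(cat "$SH_DIR/cf_update.log" 2>/dev/null)   # last IP pushed (empty on the first run)
    IP=$(curl -s ifconfig.me)                           # current public IP address
    
    # A failed lookup must not overwrite the log or the DNS record.
    if [ -z "$IP" ]; then
        echo "Could not determine public IP." >&2
        exit 1
    fi
    
    # [ ... = ... ] is the POSIX test; [[ ... == ... ]] is not available in every /bin/sh.
    if [ "$IP" = "$OLD_IP" ]; then
        echo "Public IP has not changed."
    else
        # Remember the new address, then update the A record through the CloudFlare API.
        echo "$IP" > "$SH_DIR/cf_update.log"
        curl https://www.cloudflare.com/api_json.html \
            -d 'a=rec_edit' \
            -d 'tkn=CLOUDFLARE-API-KEY' \
            -d 'email=CLOUDFLARE-EMAIL' \
            -d 'z=DOMAIN-NAME' \
            -d 'id=A-RECORD-ID' \
            -d 'name=A-RECORD-NAME' \
            -d 'type=A' \
            -d 'ttl=1' \
            -d "content=$IP"
    fi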
    
    The question is, using CSF firewall, how can I block all incoming connections to the admin server while allowing me to connect and the server itself to make all necessary outgoing connections like ssh, wget, curl, git, etc.?

    Cheers :)
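
The script in the post above publishes whatever the IP lookup returns as the A record that /etc/csf/csf.dyndns allows through the firewall, so the value is worth checking before it is pushed. The following is an added example, not part of the original post: a POSIX shell check that accepts only a well-formed, publicly routable IPv4 address. The function name `is_public_ipv4` and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. is_public_ipv4 is a hypothetical helper.
# Returns 0 only for a well-formed, publicly routable IPv4 address.
is_public_ipv4() {
    addr=$1
    # Shape: digits and dots only, no empty fields (rejects "", HTML, whitespace).
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split on dots into $1..$n (safe: no glob characters left)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # No leading zeros (avoids octal ambiguity), at most three digits.
        case $octet in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
            *) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    a=$1 b=$2
    # Ranges that can never be the admin's public source address.
    if [ "$a" -eq 0 ] || [ "$a" -eq 10 ] || [ "$a" -eq 127 ] || [ "$a" -ge 224 ]; then
        return 1    # "this network", RFC 1918, loopback, multicast/reserved
    fi
    case $a.$b in
        192.168|169.254) return 1 ;;    # RFC 1918, link-local
    esac
    if [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then return 1; fi   # RFC 1918
    if [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then return 1; fi  # CGNAT
    return 0
}

# Constructed sample lookup results: a good answer, a failed lookup, an error page, a LAN address.
for sample in "203.0.113.7" "" "<html>502 Bad Gateway</html>" "192.168.1.10"; do
    if is_public_ipv4 "$sample"; then
        echo "push:   $sample"
    else
        echo "reject: '$sample'"
    fi
done
```

In a script like the one posted, the check would sit between the IP lookup and the CloudFlare request, so a rejected value never reaches the record.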
     
  2. eva2000
