Want to subscribe to topics you're interested in?
Become a Member

CSF block all except csf.dyndns

Discussion in 'System Administration' started by Guilherme Jaccoud, Oct 20, 2014.

  1. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    9:40 PM
    Hello,

    I have an admin server which is the only machine allowed to ssh into my web servers. I would like to block all incoming connections to the admin server using CSF firewall, except to myself :D

    Since my IP is dynamic and CSF allows dynamic DNS, I have a script that uses the CloudFlare API to update the A record of the hostname (myself.mydomain.com) whitelisted in /etc/csf/csf.dyndns.

    Code:
    #!/bin/sh
    
    SH_DIR="/Users/$USER/_bash"            # path to script
    OLD_IP=`cat $SH_DIR/cf_update.log`    # ip log file
        IP=`curl ifconfig.me`            # public ip address
    
    if [[  "$IP" == "$OLD_IP"  ]];
    then echo "Public IP has not changed."
    else echo $IP > $SH_DIR/cf_update.log
         curl https://www.cloudflare.com/api_json.html \
            -d 'a=rec_edit' \
            -d 'tkn=CLOUDFLARE-API-KEY'    \
            -d 'email=CLOUDFLARE-EMAIL' \
            -d 'z=DOMAIN-NAME' \
            -d 'id=A-RECORD-ID' \
            -d 'name=A-RECORD-NAME' \
            -d 'type=A' \
            -d 'ttl=1' \
            -d "content=$IP"
    fi
    
    The question is, using CSF firewall, how can I block all incoming connections to the admin server while allowing me to connect and the server itself to make all necessary outgoing connections like ssh, wget, curl, git, etc… ?

    Cheers :)
     
  2. eva2000

    eva2000 Administrator Staff Member

    29,035
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,784
    Local Time:
    10:40 AM
    Nginx 1.13.x
    MariaDB 5.5