
Sysadmin Csf firewall doesn't block ip

Discussion in 'System Administration' started by pamamolf, Aug 13, 2016.

  1. SeaTea

    SeaTea Member

    49
    13
    8
    Feb 20, 2015
    the Netherlands
    Ratings:
    +28
    Local Time:
    12:57 PM
    Nginx:1.11
    MariaDB-10
    Just try to uninstall fail2ban then if you don't use it. Maybe csf is not controlling iptables anymore in your installation if added blocked IPs do not really block. You could check the iptables configuration to see if other settings are operational.

    csf works fine here; if you would use lfd too, you would not need fail2ban, I think.
    I use both csf and lfd, and use Webmin to control the settings via a GUI, which is also available in cPanel and DirectAdmin if you have those on your servers. Some example screens of that are found here.
     
  2. eva2000

    eva2000 Administrator Staff Member

    44,750
    10,204
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,814
    Local Time:
    8:57 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Just installing fail2ban won't do much when paired with CSF firewall. You need to properly configure fail2ban in general + configure it for CSF firewall usage for specific applications like Centmin Mod installed Nginx. fail2ban isn't something you can just yum or source install and it will work out of the box as is.

    I have been doing internal private testing for Centmin Mod Nginx + CSF Firewall + fail2ban configuration as well, which covers application level fail2ban profiles for Centmin Mod Nginx, WordPress, XenForo, vBulletin etc. CSF Firewall LFD handles banning brute force TCP level attacks like SSHD brute force but doesn't handle application level like fail2ban for login failures to web apps.
     
    Last edited: Aug 21, 2016
  3. pamamolf

    pamamolf Premium Member

    3,827
    370
    83
    May 31, 2014
    Ratings:
    +712
    Local Time:
    1:57 PM
    Nginx-1.17.x
    MariaDB 10.3.x
    Yes, I know how to configure it, but I just don't know why, if I use csf -d ip, I am getting it in the deny file with a comment in front.....

    Now i will test it on another server and i will report back in a minute :)
     
  4. eva2000

    eva2000 Administrator Staff Member

    Try uninstalling fail2ban and try again, could be some conflict?
     
  5. pamamolf

    pamamolf Premium Member

    I just tried it on another server with CentOS 7 and I got my VPN IP banned without any issues and without the comment # in front :)

    But I was able to browse the forum, but not able to connect to the server IP in any way.....

    Maybe because I use Cloudflare?
     
  6. eva2000

    eva2000 Administrator Staff Member

    Yes, Cloudflare will render any local CSF / iptables blocking useless, as iptables can't see the real IP of the visitor once Cloudflare or any reverse proxy is in front of it. Nginx can, as you set up a realip forward from Cloudflare passed onto Nginx when configured properly, i.e. from @Oxide's thread at CF => Nginx Rev => Nginx/PHP .. How? | Centmin Mod Community

    Actually, @Oxide has a guide on a workaround of sorts when using the Lua Nginx module, which is optionally supported in Centmin Mod 123.09beta01 and higher branches: How to limit requests, and ban those hitting the limit | Centmin Mod Community
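
An added example, not part of the thread, that reproduces both symptoms discussed above: a deny entry that sits commented out in the deny file, and an active entry that never matches because the firewall only sees the reverse proxy's address as the TCP peer. The function names, the sample deny-file lines and the proxy range 198.51.100.0/24 are constructed for illustration and are assumptions, not values from this page.

```shell
#!/bin/sh
# Added example. All addresses are constructed (RFC 5737 documentation ranges).

ip_to_int() {                       # dotted-quad IPv4 -> integer
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {                         # in_cidr IP NET/BITS
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# Classify an IP in a csf.deny-style file. A line whose first token after a
# leading '#' is the IP counts as a disabled (commented) entry.
deny_entry_state() {                # deny_entry_state FILE IP
    awk -v ip="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { sub(/^#[ \t]*/, "", line); split(line, f, /[ \t]+/)
                      if (f[1] == ip) c = 1; next }
        { split(line, f, /[ \t]+/); if (f[1] == ip) a = 1 }
        END { print (a ? "active" : (c ? "commented" : "absent")) }
    ' "$1"
}

# A packet filter matches the TCP peer address, so a deny entry for the
# visitor only takes effect when the visitor connects directly.
block_verdict() {                   # block_verdict FILE VISITOR_IP PEER_IP PROXY_CIDR
    state=$(deny_entry_state "$1" "$2")
    if [ "$state" != active ]; then echo "not-enforced:entry-$state"
    elif [ "$3" = "$2" ]; then echo "enforced"
    elif in_cidr "$3" "$4"; then echo "not-enforced:behind-proxy"
    else echo "not-enforced:peer-mismatch"
    fi
}

SAMPLE=${TMPDIR:-/tmp}/csf.deny.sample.$$
cat > "$SAMPLE" <<'EOF'
# constructed sample in csf.deny style
203.0.113.7 # Manually denied: 203.0.113.7 (constructed)
#192.0.2.44 # Manually denied: 192.0.2.44 (constructed)
EOF
PROXY_CIDR=198.51.100.0/24          # stand-in for a reverse-proxy edge range

block_verdict "$SAMPLE" 203.0.113.7 203.0.113.7   "$PROXY_CIDR"  # direct connection
block_verdict "$SAMPLE" 203.0.113.7 198.51.100.20 "$PROXY_CIDR"  # arrives via the proxy
block_verdict "$SAMPLE" 192.0.2.44  192.0.2.44    "$PROXY_CIDR"  # entry is commented out
```

For the "behind-proxy" case the block has to happen at the proxy itself or in Nginx after the real client address has been restored, which is what the posts around this example conclude.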
     
  7. pamamolf

    pamamolf Premium Member

    Ok great :)

    So I can block the IP at the Cloudflare panel also and done :)

    Thanks
     
  8. eva2000

    eva2000 Administrator Staff Member

  9. pamamolf

    pamamolf Premium Member

    Anything on software level must be automated to ban, otherwise limiting will not help on attack, and blocking from Cloudflare for layer 7 attacks is the best way, and for layer 4, banning using iptables is the next best way.....

    Software limiting or blocking will not help.....
     
  10. eva2000

    eva2000 Administrator Staff Member

    yeah true