CSF CSF Firewall info

google-fu How to allow dynamic dns in csf

FYI

• csf.dyndns = /etc/csf/csf.dyndns
• csf.conf = /etc/csf/csf.conf

noip.com and dnsexit.com are 2 dynamic dns providers you can use

 

probably need to find a dynamic dns provider i.e. noip.com that has a client app for pc, mobile, tablet devices ? i.e. for Android Dynamic DNS client - Android Apps on Google Play or No-IP client - Android Apps on Google Play

Or get a VPN and connect through that. Alot of VPN providers have client apps for mobile and desktop too. Added security

Or setup your own VPN server with VPS server i.e. use OpenVPN or something. I use OpenVPN on Brisbane and USA VPS so I have 2 dedicated IPs as well as all my mobile/wireless devices only ever access the internet via the OpenVPN mobile/tablet client (Android).

 

Well you can whitelist the entire ip range for your ISP(s)

i.e. for ip 174.36.202.235 according to http://whois.domaintools.com/174.36.202.235 CIDR range is 174.36.0.0/15 or for 174.36.202.232 - 174.36.202.235 is CIDR 174.36.202.232/30

so whitelist those

Code:

csf -a 174.36.0.0/15

or

Code:

csf -a 174.36.202.232/30

probably can find your provider's name at IPv4 Address Space report | Overview of all IPv4 subnets and IP addresses available. and see all there ip ranges

 

whitelist your VPN ips to your servers as a backup and if you have more than one VPS/Server, whitelist their ips with each other, so you can SSH into any VPS from other VPS you have access to

alternative to noip.com = DNSExit Free Dynamic DNS services for Dynamic IP

 

@Liam W moved posts to the dedicated CSF Firewall thread

Also might want to check out @Guilherme Jaccoud 's cloudflare solution for dynamic IP whitelisting in CSF CSF block all except csf.dyndns | Centmin Mod Community

 

@Liam W

How to set dynamic dns hostname on DNSExit for CSF Whitelisting

Very easy indeed to do

step 1. Sign up for free dynamic dns subdomain hostname with DNSExit Free Dynamic DNS services for Dynamic IP i.e. yourhostname.publicvm.com

step 2. Log into your VPS or dedicated servers and on SSH command line type the following lines. Remember to change the first DYNDNSHOST variable to your own hostname created from step 1 above.

Code:

DYNDNSHOST=yourhostname.publicvm.com

Once changed, type the following in SSH window as root user

Code:

DYNDNSHOST=yourhostname.publicvm.com
echo "$DYNDNSHOST" >> /etc/csf/csf.dyndns;
sed -i 's/DYNDNS = \"0\"/DYNDNS = \"300\"/' /etc/csf/csf.conf;
sed -i 's/DYNDNS_IGNORE = \"0\"/DYNDNS_IGNORE = \"1\"/' /etc/csf/csf.conf;
csf -r;
egrep '^DYNDNS|^DYNDNS_IGNORE' /etc/csf/csf.conf;
tail -2 /etc/csf/csf.dyndns;

Note, Centmin Mod .08 beta has been updated already with DYNDNS=300 and DYNDNS_IGNORE=1 settings for csf.conf

step 3. Download and install DNS Update client from Dynamic DNS IP Update Clients - ipUpdaters on your local PC so it auto updates your dynamically assigned IP address from your ISP. DNSExit also offer url API to update the IP manually too.

 

cheers updated list at CSF Firewall - Centmin Mod - Menu based Nginx installer for CentOS servers

 

no way to set to csf defaults, as Centmin Mod overrides those defaults. I suppose, I can add in backup original csf.conf before modifying it for .08 beta

as to error for xt_connlimit module kernel support is configured at VPS host level - so you need for your web host to enable or configure it at host level i.e. OpenVZ VPS is common one for not having it configured for some web hosts at OpenVZ host node level. Hence, another reason I prefer KVM or Xen based VPSes

 

ah ha I was smart enough to do that in inc/csfinstall.inc line 29 has a backup of original csf.conf BEFORE any centmin mod tweaks were done

backup original csf.conf before Centmin Mod tweaks /etc/csf/csf.conf-bak

Code:

cp -a /etc/csf/csf.conf /etc/csf/csf.conf-bak

 

well conn tracking isn't enabled on linode so xt_connlimit isn't needed AFAIK

so error from perl /usr/local/csf/bin/csftest.pl can be ignored

edit: okay according to xt_connlimit error CSF | mickeylee.co.uk Linode's custom kernels have built in support for xt_connlimit, so it isn't loaded as a module, so CSF test is a false error.