Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » networking » firewall » csf
Trace: thunderbird_sync mailcleaner_csf
networking:firewall:csf

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Last revision Both sides next revision
networking:firewall:csf [2022/08/22 08:43]
gcooper 		networking:firewall:csf [2023/03/10 10:46]
gcooper
Line 45: Line 45:
 wget -q http://www.webmin.com/jcameron-key.asc -O- | sudo apt-key add - wget -q http://www.webmin.com/jcameron-key.asc -O- | sudo apt-key add -
 add-apt-repository universe && apt update add-apt-repository universe && apt update
-apt install webmin ssmtp unzip ipset libwww-perl liblist-compare-perl \+ 
 +apt install webmin unzip ipset libwww-perl liblist-compare-perl \
 liblwp-protocol-https-perl libio-socket-ssl-perl libcrypt-ssleay-perl \ liblwp-protocol-https-perl libio-socket-ssl-perl libcrypt-ssleay-perl \
 libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl libgd-graph-perl libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl libgd-graph-perl
Line 61: Line 62:
 systemctl status ufw.service systemctl status ufw.service
 ufw status verbose ufw status verbose
-ufw allow 10000/tcp  #Webmin+ufw allow from <your_management_ip_cidr> proto tcp to any port 10000 #Webmin
 </file> </file>
  
Line 199: Line 200:
 |Testing            |0                                               | |Testing            |0                                               |
 |IPV6               |1                                               | |IPV6               |1                                               |
-|TCP_IN             |20,21,22,25,53,80,110,143,443,465,587,993,995,2222,10000,20000 +|TCP_IN             |20,21,22,25,53,80,110,143,443,465,587,993,995   
-|TCP_OUT            |20,21,22,25,53,80,110,113,443,2222              |+|TCP_OUT            |20,21,22,25,53,80,110,113,443                   |
 |UDP_IN             |20,21,53                                        | |UDP_IN             |20,21,53                                        |
 |UDP_OUT            |20,21,53,113,123,33434:33523                    | |UDP_OUT            |20,21,53,113,123,33434:33523                    |
-|TCP6_IN            |20,21,22,25,53,80,110,143,443,465,587,993,995,2222,10000,20000 +|TCP6_IN            |20,21,22,25,53,80,110,143,443,465,587,993,995   
-|TCP6_OUT           |20,21,22,25,53,80,110,113,443,2222              |+|TCP6_OUT           |20,21,22,25,53,80,110,113,443                   |
 |UDP6_IN            |20,21,53                                        | |UDP6_IN            |20,21,53                                        |
 |UDP6_OUT           |20,21,53,113,123,33434:33523                    | |UDP6_OUT           |20,21,53,113,123,33434:33523                    |
Line 213: Line 214:
 |LF_IPSET           |1                                               | |LF_IPSET           |1                                               |
 |SYNFLOOD           |1                                               | |SYNFLOOD           |1                                               |
-|CONNLIMIT          |22;10,80;30,110;5,143;5,443;30,465;5,587;5,993;5,995;5,2222;10,10000;30 +|CONNLIMIT          |22;10,80;30,110;5,143;5,443;30,465;5,587;5,993;5,995;5 | 
-|PORTFLOOD          |22;tcp;15;300,80;tcp;20;5,110;tcp;20;5,143;tcp;20;5,443;tcp;20;5,465;tcp;20;5,587;tcp;20;5,993;tcp;20;5,995;tcp;20;5,2222;tcp;15;300,10000;tcp;30;5 |+|PORTFLOOD          |22;tcp;15;300,80;tcp;20;5,110;tcp;20;5,143;tcp;20;5,443;tcp;20;5,465;tcp;20;5,587;tcp;20;5,993;tcp;20;5,995;tcp;20;5 |
 |DROP_OUT_LOGGING   |1                                               | |DROP_OUT_LOGGING   |1                                               |
 |CONNLIMIT_LOGGING  |1                                               | |CONNLIMIT_LOGGING  |1                                               |
Line 281: Line 282:
  
 To allow a range of ports to and from a remote host: To allow a range of ports to and from a remote host:
 +
 +# Webmin Access
 +tcp|in|d=10000|s=1.2.3.4   # Allow from your management IP or CIDR
  
 <file> <file>
Line 511: Line 515:
  
 ====== LFD - Login Failure Daemon ====== ====== LFD - Login Failure Daemon ======
 +
 +**Custom RegEx**: https://forum.configserver.com/viewtopic.php?t=7517
  
 LFD does more than just monitor log files for login failures. LFD does more than just monitor log files for login failures.
Line 534: Line 540:
 **Virtualmin SMTP**: https://www.virtualmin.com/comment/737419#comment-737419 **Virtualmin SMTP**: https://www.virtualmin.com/comment/737419#comment-737419
  
-:!: The Postfix MTA is not directly supported by LFD.  You must use custom settings.+:!: The Postfix MTA is not directly supported by LFD.  You must use custom settings.  FIXME Is this still true?
  
 ==== CentOS ==== ==== CentOS ====
networking/firewall/csf.txt · Last modified: 2023/03/10 10:48 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki