CSF auto unblock time setting

LJSHost

Well-known member
Hosting Provider
Registered
Joined
Jul 5, 2016
Messages
1,031
Points
63
Hi Everyone,

I have a quick question which I'm sure the solution to is very simple but it's just bugging me right now :computer:

Where do I find the auto unblock setting for a blocked IP in CSF, I have looked at all the setting but some of the descriptions are not very clear.

For example when an IP is blocked after a period of say 1 hour CSF automatically removes the block.

Thanks All
 

Chris Worner

Well-known member
Registered
Joined
Apr 15, 2016
Messages
612
Points
28
I have never seen this option in CSF that allow to auto unblock an IP in CSF. :)

If you want to unblock an IP Address in CSF then using this command

csf -dr IP_address
You need to restart CSF to take effect:

 

LJSHost

Well-known member
Hosting Provider
Registered
Joined
Jul 5, 2016
Messages
1,031
Points
63
Yeah perhaps it's not possible like with some other firewalls that just create temporary blocks that expire after a set period.
 

vpsrus

Well-known member
Hosting Provider
Registered
Joined
Jan 17, 2017
Messages
92
Points
0
Hi Everyone,

I have a quick question which I'm sure the solution to is very simple but it's just bugging me right now : computer:

Where do I find the auto unblock setting for a blocked IP in CSF, I have looked at all the setting but some of the descriptions are not very clear.

For example, when an IP is blocked after a period of say 1 hour CSF automatically removes the block.

Thanks All
HI,

There is no option for that, depend on the block if it temporary it automatic drop from the IPtables in 15 minutes the permanent block will stay there until your IPtables is full (this you can configure on the CSF configuration) then it is starting to drop from the oldest to the newest or you can manually purge all the iptables.
 

eva2000

Well-known member
Registered
Joined
Jan 14, 2017
Messages
173
Points
28
why unblock ? CSF only blocks bad ips that have done something bad i.e. failed ssh login attempts. You don't want to unblock those. But you could write up own script to go through csf.deny entries and grab the epoch time of the ban time of the entry and get the ip of that entry and check it against current system time (in epoch) and work out how many seconds the blocked entry has been set for and then do csf -dr ip to remove it

just some ideas

Code:
tail -1 /etc/csf/csf.deny
204.232.209.67 # lfd: (sshd) Failed SSH login from 204.232.209.67 (US/United States/204-232-209-67.static.cloud-ips.com): 5 in the last 3600 secs - Thu Feb  2 23:23:31 2017

tail -1 /etc/csf/csf.deny | awk -F "secs - " '{print $2,"#", $1}' | awk -F " # " '{print $1}'
Thu Feb  2 23:23:31 2017

date -d "$(tail -1 /etc/csf/csf.deny | awk -F "secs - " '{print $2,"#", $1}' | awk -F " # " '{print $1}')" +%s
1486077811

tail -1 /etc/csf/csf.deny | awk -F "secs - " '{print $2,"#", $1}' | awk -F " # " '{print $2}'
204.232.209.67

current time
echo $(date +%s)
1486094732
 

LJSHost

Well-known member
Hosting Provider
Registered
Joined
Jul 5, 2016
Messages
1,031
Points
63
LJSHost
Thanks for the input everyone but I fixed it, CSF just has so many variables and some take priority over others etc so It was a little tough tracking it down.
It is needed for auto unblock as this is a hosting server and CSF is protecting everything from SSH to cPanel logins, keep unblock tickets down while still shutting down brute force.
 

HostXNow

Well-known member
Hosting Provider
Registered
Joined
Nov 26, 2014
Messages
374
Points
28
I think you are referring to cPHulk Brute Force Protection where you can change the duration in minutes, etc.
 
Newer Threads
Replies
26
Views
12,155
Replies
11
Views
3,984
Replies
0
Views
1,466
Replies
13
Views
5,209

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top