CSF auto unblock time setting

LJSHost · Feb 2, 2017

Hi Everyone,

I have a quick question which I'm sure the solution to is very simple but it's just bugging me right now :computer:

Where do I find the auto unblock setting for a blocked IP in CSF, I have looked at all the setting but some of the descriptions are not very clear.

For example when an IP is blocked after a period of say 1 hour CSF automatically removes the block.

Thanks All

Chris Worner · Feb 3, 2017

I have never seen this option in CSF that allow to auto unblock an IP in CSF.

If you want to unblock an IP Address in CSF then using this command

csf -dr IP_address

You need to restart CSF to take effect:

csf -r

LJSHost · Feb 3, 2017

Yeah perhaps it's not possible like with some other firewalls that just create temporary blocks that expire after a set period.

vpsrus · Feb 3, 2017

LJSHost said:
Hi Everyone,

I have a quick question which I'm sure the solution to is very simple but it's just bugging me right now : computer:

Where do I find the auto unblock setting for a blocked IP in CSF, I have looked at all the setting but some of the descriptions are not very clear.

For example, when an IP is blocked after a period of say 1 hour CSF automatically removes the block.

Thanks All

HI,

There is no option for that, depend on the block if it temporary it automatic drop from the IPtables in 15 minutes the permanent block will stay there until your IPtables is full (this you can configure on the CSF configuration) then it is starting to drop from the oldest to the newest or you can manually purge all the iptables.

eva2000 · Feb 3, 2017

why unblock ? CSF only blocks bad ips that have done something bad i.e. failed ssh login attempts. You don't want to unblock those. But you could write up own script to go through csf.deny entries and grab the epoch time of the ban time of the entry and get the ip of that entry and check it against current system time (in epoch) and work out how many seconds the blocked entry has been set for and then do csf -dr ip to remove it

just some ideas

Code:

tail -1 /etc/csf/csf.deny
204.232.209.67 # lfd: (sshd) Failed SSH login from 204.232.209.67 (US/United States/204-232-209-67.static.cloud-ips.com): 5 in the last 3600 secs - Thu Feb  2 23:23:31 2017

tail -1 /etc/csf/csf.deny | awk -F "secs - " '{print $2,"#", $1}' | awk -F " # " '{print $1}'
Thu Feb  2 23:23:31 2017

date -d "$(tail -1 /etc/csf/csf.deny | awk -F "secs - " '{print $2,"#", $1}' | awk -F " # " '{print $1}')" +%s
1486077811

tail -1 /etc/csf/csf.deny | awk -F "secs - " '{print $2,"#", $1}' | awk -F " # " '{print $2}'
204.232.209.67

current time
echo $(date +%s)
1486094732

HostXNow · Feb 3, 2017

I think you are referring to cPHulk Brute Force Protection where you can change the duration in minutes, etc.

CSF auto unblock time setting

LJSHost

Well-known member

Chris Worner

Well-known member

LJSHost

Well-known member

vpsrus

Well-known member

eva2000

Well-known member

LJSHost

Well-known member

HostXNow

Well-known member

Latest posts New threads

Latest posts

New threads

Latest Hosting Offers New Reviews

Latest hosting offers

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud