Help Center
IP blocking in CSF via command line
Ensuring efficient traffic on your server is crucial to maintain optimal performance and a smooth experience for your users.
In this article, you will learn how to block multiple IPs in CSF (ConfigServer Firewall), a security measure that allows you to filter and prevent unwanted access.
Remember that it's essential to take precautions and use this functionality responsibly, following the relevant policies and regulations.
Follow the step-by-step instructions to ensure a secure server and efficient traffic.
Block ONE IP address:
- Open a terminal or command line on your operating system
- Execute the following command
# csf -d 1.2.3.4
Block MULTIPLE IP addresses:
- Open a terminal or command line on your operating system.
- Create a TXT file, in this example, we'll name it "block" and paste all the IPs you want to block, one IP per line
# nano block.txt - Once saved, execute the following command
# for i in `cat block.txt`; do csf -d $i;done
Block a RANGE of IP addresses
- Open a terminal or command line on your operating system
- Execute ANY of the following commands ACCORDING TO YOUR NEEDS
# csf -d 111.0.0.0/8
# csf -d 111.111.0.0/16
# csf -d 111.111.111.0/24
The types of blocking mentioned above differ in terms of their scope and IP address range. Here's an explanation of the differences:
- 111.0.0.0/8: This blocking uses CIDR (Classless Inter-Domain Routing) notation to specify an IP address range. The "/8" notation indicates that you are blocking all IP addresses that start with the prefix "111" in the first octet. In other words, it blocks all IP addresses from 111.0.0.0 to 111.255.255.255. This type of blocking is very broad and will block all IP addresses within that range.
- 111.111.0.0/16: This blocking also uses CIDR notation but with a "/16" mask. This means it blocks all IP addresses that start with the prefix "111.111" in the first two octets. In this case, it blocks all IP addresses from 111.111.0.0 to 111.111.255.255. This range is more specific than the previous one, as it is limited to IP addresses that start with "111.111".
- 111.111.111.0/24: This blocking uses CIDR notation with a "/24" mask. It indicates that it blocks all IP addresses that start with "111.111.111" in the first three octets. In this case, it blocks all IP addresses from 111.111.111.0 to 111.111.111.255. This range is even more specific and limited than the previous ones, focusing on IP addresses that start with "111.111.111".
In summary, the difference between these blocks lies in the range of IP addresses being blocked. The first block is the broadest and will block all IP addresses starting with "111" in the first octet. Subsequent blocks become more specific, limiting the range of IP addresses to the first two or three octets. The choice of blocking type will depend on your needs and the level of precision you want to apply in restricting access to your server.
Related articles
- Screen command in CentOs: more efficient sessions
- Solution: 'Service Unavailable' on CloudLinux servers
- Database export via command line
- Protect your data: configure RAID notifications with S.M.A.R.T.
- List CronJobs for all cPanel users
- Delete unnecessary files from the /tmp partition
- Change reserved disk space in CentOS
- Know your hardware: get accurate information on CentOS 7
- Basic SSH commands
- Optimize accounts with manual rearrange
- Clear DNS cache: solution to resolution problems
- Change file permissions via command line
- How to open and close ports using CSF in WHM?
- How to Modify the Hosts File in Windows, Linux, and macOS
- How to Use Telnet to Test SMTP Connectivity on Port 25
- Adjusting reserved space on Linux disks
- Adjusting reconstruction speed in RAID on Linux
- Where are NGINX logs stored?
- Configuring RAID failure notifications with mdadm
- Differences between Legacy VPS and Cloud VPS
- Install cPanel in your server or VPS
- How to send emails via SSH?
- Manage screen session