Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 months ago.
How can I dynamically (programmatically) block IP addresses using ConfigServer Security & Firewall?
I am on CentOS (Linux) with cPanel & WHM.
You can deny an IP in csf as below, but you need to refresh csf, because every service applies changes after a restart or refresh.
Deny IP:
csf -d IPaddress
Refresh:
csf -r
how to block IPs without restarting CSF
Restarting csf with csf -r is not a big deal. You don't need to take any precautions to do this. So blocking an IP with or without a csf restart has the same effect.
csf works along with iptables, so to deny an IP you can use "csf -d IP" instead of writing iptables rules.
csf eases firewall work. :)
The other answers here appear to be out of date now. It is no longer necessary to reload CSF after blocking an IP address. Here is some example output:
sudo csf -d 10.0.0.1 do not delete
Adding 10.0.0.1 to csf.deny and iptables DROP...
DROP all opt -- in !lo out * 10.0.0.1 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 10.0.0.1
And here is a thread on the CSF forum confirming it.
I have tested blocking a few IPs without restarting and it works. You only need to restart if you remove an IP from csf.deny, e.g.:
csf -dr 1.1.1.1
csf -r
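A sketch of the programmatic block the question asks for, added here as an example and not taken from any of the posts above. It validates the address before handing it to `csf -d` and never passes it through a shell; the `NEVER_BLOCK` networks, the function names and the `dry_run` default are assumptions made for illustration.

```python
import ipaddress
import subprocess

# Constructed example: networks that must never end up in csf.deny
# (loopback and a management LAN). Replace with the real ranges.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]


def build_deny_command(raw_ip, comment="blocked by script"):
    """Validate untrusted input and return the argv for `csf -d IP comment`.

    Raises ValueError if the input is not a single IP address or if it
    falls inside one of the protected networks.
    """
    # ip_address() rejects hostnames, CIDR ranges and strings carrying
    # shell metacharacters, so only a literal address gets through.
    ip = ipaddress.ip_address(raw_ip.strip())
    for net in NEVER_BLOCK:
        if ip.version == net.version and ip in net:
            raise ValueError(f"{ip} is inside protected network {net}")
    # The comment is stored in csf.deny; keep it to a plain character set.
    safe = "".join(c for c in comment if c.isalnum() or c in " _-.")[:80]
    return ["csf", "-d", str(ip), *safe.split()]


def deny_ip(raw_ip, comment="blocked by script", dry_run=True):
    """Block an address with csf. With dry_run=True only the argv is returned."""
    argv = build_deny_command(raw_ip, comment)
    if not dry_run:
        # List form without shell=True: the address is never parsed by a shell.
        subprocess.run(argv, check=True)
    return argv


if __name__ == "__main__":
    print(deny_ip("10.0.0.1", "do not delete"))
```

Call `deny_ip(..., dry_run=False)` as root on the host where csf is installed to apply the block.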
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 3 years ago.
I have multiple VMs managed by vagrant in a production environment. I like to set their SSH host ports manually while I have to open every single port in iptables. Vagrant manages these port forwardings manually by default, which forces me to open a range of ports, which I don't want to.
I already tried a port forwarding, but it ends up with two ports forwarded to the guest.
config.vm.network "forwarded_port", id: "a-named-ssh-forwarding", host: 54321, guest: 22
The problem is I cannot see any option in the vagrant SSH config section. Obviously I could set the guest's SSH port only.
Vagrant SSH settings
Is it even possible to set the forwarded host SSH port and if yes how?
The solution is too simple.
Overriding the Default Forwarded SSH Port in Vagrant
Just rename the ID of the forwarded port to ssh.
config.vm.network "forwarded_port", id: "ssh", host: 54321, guest: 22
This in fact removes the possibility to identify the ssh forwardings to a specific VM by reading the list. But it's a low price for the system's enhanced security.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 4 years ago.
I'm pulling my hair out over this and can't find a solution anywhere.
After a reboot I started getting "Connection refused" through port 22000, which was the one I had configured and SSH was still listening to (I double-checked). I'm connecting from a PC on the same LAN.
I could connect to port 22 suddenly after that but there I got "Access denied" after entering my password. After troubleshooting this I got tired and reinstalled openssh, with that I got a clean config and everything including the firewall and selinux is now configured to use port 22 with these commands:
sudo semanage port -a -t ssh_port_t -p tcp 22
sudo firewall-cmd --permanent --zone=public --add-port=22/tcp
sudo firewall-cmd --reload
Still access denied even though it's the correct password, I know since I can use the exact same directly on the server.
I have tried:
Putting "PermitRootLogin yes" in the sshd_config and login with root but that is also denied, same with a new test account I made. I removed "AllowUsers [username]" from the config before this.
Restarted the SSH service and rebooted as well several times.
The solution here to no avail: Centos 7 Remote SSH access denied
Setting selinux to "Permissive"
Disabling the firewall
Changing password to one without special characters
Triple checking that the SSH service is running
Neither "/var/log/secure" nor "/var/log/messages" log anything regarding my attempts to login.
I must have missed something, anyone have any ideas what?
Use: ssh -vvv username@host to check the issue.
Try creating a pem file and see if it works.
I solved it and I really don't want to post the answer since it was embarrassingly easy, but I refuse to leave the question unsolved for the poor souls with similar problems.
I rebooted my PC.... facedesk
Closed. This question is not about programming or software development. It is not currently accepting answers.
Closed 5 months ago.
I'm trying to use Bitnami MAPP Stack 5.5.30-0
(For Apache Web Server, PostgreSQL)
When I try to configure the Apache Web Server I get this error: "Cannot bind to port 80. It is probably taken by another application or you don't have enough privileges."
I don't want to change and use another port. I really want to use the port 80.
I don't know what app is using the port 80.
I am running Mac OS X Yosemite.
I tried this command:
sudo lsof -i ':80'
But nothing is running on this port.
I opened the httpd.conf and I tried to change the listen port to 80. But still not working.
Can someone help me?
Thank you
Maybe you already have Apache or Nginx running but you need to stop both of them before starting Apache with XAMPP. You can do this with:
To stop Apache: sudo /etc/init.d/apache2 stop
To stop Nginx: sudo nginx -s stop
This means that you either have another process that is already using port 80 or you don't have enough privileges. The following Unix command might shed some light. You can run it in a terminal:
sudo lsof -i ':80'
Check out this link as well.
If it turns out that you don't have enough privileges, try to configure / run apache using sudo. (sudo stands for superuser do). Note: this may be a quick fix to get you going on your local machine, but it is not recommended on a production machine.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
I spent too much time trying to do something which in plain words looks simple.
I am at home, without firewall and all open ports. I need to ssh to the router at work where I have access to ssh port 22. My personal machine is on that subnet having internal ip address. So, what I need to do is to ssh from one machine to the second and from the second to the third. On the third I need to execute another ssh which tunnels some ports to my home machine. All that in bash script from my home. I have tried many solutions on the internet but nothing works.
The whole idea is to get to my PC at work and run an ssh tunnel for port 22 which will allow me to sshfs my work PC.
I could do it manually, by sshing to the router, then from the router to the work PC, and then executing the ssh tunnel. I need a one-click solution.
Thanks in advance!
Have you tried just stacking the ssh commands, like
ssh -t localhost ssh localhost
Be sure to add the -t option for each hop except the last one:
ssh -t localhost ssh -t localhost ssh localhost
Maybe try VNC? With the right setup/port forwarding, you wouldn't have to jump from 1 PC to the next.
Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I have installed apache on my server, however I cannot browse my website through my server's IP. The setup of the apache is a single account server under /var/www/htdocs/.
Is there anything else I need to do to be able to see the account via my server's IP?
There are several possibilities.
firewall, iptables configuration
apache listen address / port
More information is needed about your configuration. What distro are you using? Can you connect via 127.0.0.1?
If the issue is with the firewall/iptables, you can add the following lines to /etc/sysconfig/iptables:
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
(Second line is only needed for https)
Make sure this is above any lines that would globally restrict access, like the following:
-A INPUT -j REJECT --reject-with icmp-host-prohibited
Tested on CentOS 6.3
And finally
service iptables restart
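The ordering requirement in this answer can be checked mechanically. The following is an added example, not code from the post: it reads rules in the /etc/sysconfig/iptables format and reports whether each port's ACCEPT rule sits above the first catch-all REJECT/DROP in the chain. The sample rules are constructed, and treating a rule with none of the listed match options as catch-all is a simplifying assumption.

```python
# Constructed sample in /etc/sysconfig/iptables format: the port 80 rule
# was appended below the global REJECT, so it never matches.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

# Options that narrow a rule. A REJECT/DROP carrying none of them is
# treated as matching all traffic (assumption of this example).
MATCH_OPTS = {"-p", "-s", "-d", "-i", "-m", "--dport", "--sport"}


def _value(tokens, opt):
    """Return the token that follows `opt`, or None if it is absent."""
    if opt in tokens[:-1]:
        return tokens[tokens.index(opt) + 1]
    return None


def check_rule_order(rules_text, ports, chain="INPUT"):
    """Map each port to 'ok', 'shadowed' (ACCEPT below the first catch-all
    REJECT/DROP) or 'no-rule' (no ACCEPT rule with that --dport)."""
    accept_at, block_at = {}, None
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        tok = line.split()
        if tok[:2] != ["-A", chain]:
            continue
        target = _value(tok, "-j")
        if target in ("REJECT", "DROP") and not MATCH_OPTS.intersection(tok):
            if block_at is None:
                block_at = lineno          # first rule that stops everything
        elif target == "ACCEPT":
            dport = _value(tok, "--dport")
            if dport and dport.isdigit():
                accept_at.setdefault(int(dport), lineno)
    result = {}
    for port in ports:
        if port not in accept_at:
            result[port] = "no-rule"
        elif block_at is not None and accept_at[port] > block_at:
            result[port] = "shadowed"
        else:
            result[port] = "ok"
    return result
```

Run it against the real file with `check_rule_order(open("/etc/sysconfig/iptables").read(), [80, 443])` before restarting iptables.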
Did you restart the server after you changed the config file?
Can you telnet to the server from a different machine?
Can you telnet to the server from the server itself?
telnet <ip address> 80
telnet localhost 80