Rules priority #24

Open
jdbravo opened this issue Mar 7, 2023 · 0 comments
jdbravo commented Mar 7, 2023

Hello,

We have been using this script and it has been working great. But today we found a couple of problems:

Let's say that you create a docker image with the port TCP 8080 exposed, but this port is not part of the TCP_IN list in csf.conf, because the idea is for it to be accessed only from the allowed IPs in csf.allow. Well, the script will add a rule that will accept ALL traffic to the port TCP 8080, even if that port is intended to be a restricted port. Any idea how we can solve this?

Another problem is if we use LFD to block IPs that are trying to brute force. LFD will add a rule to the chains DENYIN and DENYOUT. But those rules are never going to be hit because there is an ACCEPT rule in the DOCKER chain created by this script. In other words, an IP blocked by LFD will never be blocked because the chain DOCKER has precedence over the DENYIN chain. Any way to solve this?

Thank you!
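An added example, not part of the issue or of the project's script: a small audit for the first problem described above, which lists ports that the DOCKER chain accepts from any source although TCP_IN does not open them. The rule lines and the csf.conf line are constructed samples; the rules are assumed to be in the format `iptables -S` prints for published container ports, and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample input, not taken from the issue.
CSF_CONF = 'TCP_IN = "22,80,443,30000:30010"\n'
RULES = """\
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
-A DOCKER -s 203.0.113.10/32 -d 172.17.0.4/32 -p tcp -m tcp --dport 9000 -j ACCEPT
-A DENYIN -s 198.51.100.7/32 -j DROP
"""


def parse_tcp_in(conf_text):
    """Return the TCP_IN setting as a list of (low, high) port ranges."""
    m = re.search(r'^\s*TCP_IN\s*=\s*"([^"]*)"', conf_text, re.M)
    ranges = []
    for item in (m.group(1).split(",") if m else []):
        item = item.strip()
        if item:
            low, _, high = item.partition(":")  # csf writes ranges as low:high
            ranges.append((int(low), int(high or low)))
    return ranges


def unrestricted_docker_ports(rules_text, tcp_in, chain="DOCKER"):
    """Ports ACCEPTed in `chain` without a source match and not opened by TCP_IN."""
    found = set()
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain] or "--dport" not in tok or "-j" not in tok:
            continue
        if tok[tok.index("-j") + 1] != "ACCEPT":
            continue
        if "-p" not in tok or tok[tok.index("-p") + 1] != "tcp":
            continue
        if "-s" in tok or "--source" in tok:
            continue  # rule already carries a source match: treated as restricted
        dport = tok[tok.index("--dport") + 1]
        low, _, high = dport.partition(":")
        low, high = int(low), int(high or low)
        if not any(a <= low and high <= b for a, b in tcp_in):
            found.add(dport)
    return sorted(found)


if __name__ == "__main__":
    print(unrestricted_docker_ports(RULES, parse_tcp_in(CSF_CONF)))
```

On a live host the same functions can be fed the text of csf.conf and the output of `iptables -S`.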
