Author Topic: How to allow domain in firewall?  (Read 166 times)

How to allow domain in firewall?
« on: September 14, 2024, 05:11:52 PM »
Hi Guys,

I have a problem on my server.
I have a file hosting website with S3 Compatible Cloud Object Storage, but when I enabled the firewall the files are not transferred to that cloud storage because the endpoint (domain) is blocked by the firewall.
Where should I whitelist the domain, for example endpoint.domain.com, in the firewall to allow all incoming and outgoing traffic from that domain?

Thank you!

Re: How to allow domain in firewall?
« Reply #1 on: September 14, 2024, 05:42:52 PM »
Hi,

It should be:
Code: [Select]
/etc/csf/csf.dyndns
Additionally read and update the section "Global Lists/DYNDNS/Blocklists" of the file:
Code: [Select]
/etc/csf/csf.conf
according to your requirements.

Don't forget to restart CSF when the changes are done.

Re: How to allow domain in firewall?
« Reply #2 on: September 14, 2024, 05:58:21 PM »
Hi,

It should be:
Code: [Select]
/etc/csf/csf.dyndns
Additionally read and update the section "Global Lists/DYNDNS/Blocklists" of the file:
Code: [Select]
/etc/csf/csf.conf
according to your requirements.

Don't forget to restart CSF when the changes are done.

I am just a f noob, I don't know how to do it.
I read the readme.txt but here it says:
Code: [Select]
# TCP connections inbound to port 22 from Dynamic DNS address
# www.configserver.com (for use in csf.dyndns only)
tcp|in|d=22|s=www.configserver.com
I don't get where I should put it.

Can you give me an example where to add endpoint.domain.com for all the traffic? Please

Re: How to allow domain in firewall?
« Reply #3 on: September 14, 2024, 07:12:00 PM »
Just add the domain name with www and without into the file csf.dyndns, one per line:
Code: [Select]
www.configserver.com
configserver.com
extra.configserver.com

This will allow all traffic (incoming/outgoing, tcp/udp, all ports) to/from the hosts www.configserver.com, configserver.com, extra.configserver.com.

If the hosts from the file change IP periodically then change the line:
Code: [Select]
DYNDNS = "0"
to something like:
Code: [Select]
DYNDNS = "300"
(set your own value) in the file csf.conf. It instructs csf to check and whitelist the actual IP addresses of the hosts listed in csf.dyndns every 300 seconds.
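
The steps from the replies above as a script, added here as an example and not taken from the thread or from CSF itself. Instead of the bare hostname it writes a narrower entry in the readme syntax quoted in Reply #2 (outbound TCP 443 only); port 443 for the S3 endpoint, the `CSF_DIR` variable, the function names and the sample csf.conf are assumptions.

```shell
#!/bin/sh
# Added example: idempotent edits to csf.dyndns and csf.conf.
# CSF_DIR defaults to a scratch directory so the script can be tried safely;
# run with CSF_DIR=/etc/csf (as root) to edit the live files.

# Append an entry to csf.dyndns only if that exact line is not already present.
add_dyndns_entry() {
    file=$1; entry=$2
    grep -qxF -- "$entry" "$file" 2>/dev/null || printf '%s\n' "$entry" >> "$file"
}

# Set the DYNDNS refresh interval (seconds) in csf.conf.
# The pattern requires 'DYNDNS = ', so DYNDNS_IGNORE is left untouched.
set_dyndns_interval() {
    conf=$1; secs=$2
    case $secs in ''|*[!0-9]*) echo "interval must be a number" >&2; return 1;; esac
    grep -q '^DYNDNS = "' "$conf" || { echo "DYNDNS not found in $conf" >&2; return 1; }
    sed "s/^DYNDNS = \"[^\"]*\"/DYNDNS = \"$secs\"/" "$conf" > "$conf.tmp" \
        && mv "$conf.tmp" "$conf"
}

# Read the current interval back, to verify the edit.
get_dyndns_interval() {
    sed -n 's/^DYNDNS = "\([^"]*\)".*/\1/p' "$1"
}

CSF_DIR=${CSF_DIR:-$(mktemp -d)}
# Constructed two-line sample csf.conf, written only when none exists
# (the real file is much longer).
[ -f "$CSF_DIR/csf.conf" ] || \
    printf 'DYNDNS = "0"\nDYNDNS_IGNORE = "0"\n' > "$CSF_DIR/csf.conf"

# Narrow form: outbound TCP to port 443 on the endpoint only (port is assumed).
add_dyndns_entry "$CSF_DIR/csf.dyndns" 'tcp|out|d=443|d=endpoint.domain.com'
set_dyndns_interval "$CSF_DIR/csf.conf" 300
echo "DYNDNS interval now: $(get_dyndns_interval "$CSF_DIR/csf.conf")"

# On the live server, restart csf and lfd so the change takes effect:
#   csf -ra
```

Running it twice leaves a single entry in csf.dyndns, so it is safe to re-run after changing the interval.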