Deny

Deny Permanently

The deny permanently area allows you to manage IP addresses that are permanently denied by the firewall.

• One IP address per line.
• CIDR addressing allowed with a quaded IP.
• Only list IP addresses. Anything else will be ignored.
• Advanced port and IP filtering is allowed.
• Add "do not delete" to the comments of an entry to have DENY_IP_LIMIT not remove that entry.

Format Description
IP address 203.0.113.1
CIDR 203.0.113.0/24
Filter tcp/udp/icmp|in/out|s/d=port|s/d=ip|u=uid

Advanced Deny Filters

You can add more complex port and IP filters using Advanced Deny Filters.

Related Files

File Description
/etc/csf/csf.deny A list of IP addresses that are permanently denied by the firewall.