The deny permanently area allows you to manage IP addresses that are permanently denied by the firewall.
• One IP address per line.
• CIDR addressing allowed with a quaded IP.
• Only list IP addresses. Anything else will be ignored.
• Advanced port and IP filtering is allowed.
• Add "do not delete" to the comments of an entry to haveDENY_IP_LIMITnot remove that entry.
| Format | Description |
|---|---|
| IP address | 203.0.113.1 |
| CIDR | 203.0.113.0/24 |
| Filter | tcp/udp/icmp|in/out|s/d=port|s/d=ip|u=uid |
You can add more complex port and IP filters using Advanced Deny Filters.
| File | Description |
|---|---|
/etc/csf/csf.deny |
A list of IP addresses that are permanently denied by the firewall. |