csf: how to override TCP_IN?

firewall port csf

I'm using csf v14.05 on my Debian-8-based server.

In csf.conf, I have the following:

TCP_IN = "53,80,110,119,143,443,465,587,953,993,995"

I want to selectively override this in csf.deny, only for certain specific host/port combinations, as in the following example:

tcp|in|d=143|s=aaa.bbb.ccc.ddd # actual IP address dummied out

However, requests coming from aaa.bbb.ccc.ddd to port 443 are still being allowed.

I know that csf.allow rules override all other rules, and therefore, it appears that TCP_IN within csf.conf also behaves the same way.

Is there any way in csf to allow open access to a given port except for certain, selected IP addresses, like I am trying to do here?

Thank you very much.


This is a source of common confusion ...

TCP_IN allows all the ports listed, regardless of csf.allow (except the csf.allow rule is a deny rule)

So, if you really wanted to selectively allow access to a port, you would exclude it from TCP_IN of csf.conf ... and then have it in csf.allow

Related

How to combine squid reverse proxy with nginx proxy for shiny-server
Openldap - slap_access_allowed: auth access denied by =0 - Not able to authenticate user
MariaDB galera cluster, add node without interruption
Android app is published, but not visible anywhere in Google Play
How to split a video using FFMPEG so that each chunk starts with a key frame?
How to set the border of UITextView to same as border color of UITextField
android: dynamically change FAB(Floating Action Button) icon from code
Efficient way to OR adjacent bits in 64-bit integer
How do I hide related videos at the end of a YouTube playlist embed code?
Vuex 2.0 Dispatch versus Commit
Entity Framework Core - setting the decimal precision and scale to all decimal properties [duplicate]
Flutter Layout Container Margin