How to block an IP(IP range) in CSF

You find a bad IPv4/IPv6 and want to block it? You can easily block it with CSF.

ConfigServer Security & Firewall (csf) is a very used firewall for cPanel servers. Download it from https://configserver.com/cp/csf.html

You can block an IP/IP range from WHM or from the server bash.

Block an IP from WHM:

  1. Log in to WHM as root.
  2. Navigate to Plugins section, then to ConfigServer Security & Firewall
    whm csf
  3. Look for the Quick Deny section/button. Enter the IP/IP range in the red edit box. If you want, you can also add a comment in the next edit box.
    csf quick deny
  4. Click the Quick Deny button.
  5. The IP will be added to the block list – /etc/csf/csf.deny file – and you will see a confirmation message:
    csf add ip
  6. Click the Return button to return to the CSF main page.

To be able to block IPv6 you must first enable IPv6 in CSF. If IPv6 is not enabled, you will get a message:

csf blockipv61

So, to enable IPv6 in CSF, go to the Firewall Configuration and set IPV6=On

csf blockipv62

Block an IP from server bash:

1. Log in to the server via SSH as root

2. Use the command: csf -d IP

# csf -d 145.123.44.55
# csf -d 2001:db8:85a3::8a2e:370:7333

You can also block IP blocks, like:

# csf -d 145.123.44.0/24
# csf -d 145.123.0.0/16

This Post Has 4 Comments

  1. Clappert

    how can you block ipv6 in csf ?

    1. Editorial Staff

      Same as for IPv4. Notice that you must enable first IPv6 in the CSF configuration.

  2. Jeff Kee

    Or edit /etc/csf/csf.deny directly to add a bunch of rows/ranges at once!

Leave a Reply