Globedrill

ConfigServer Security & Firewall CSF Commands

Linux/14 Mar, 17/2014/0

In my last post I discussed installing the CSF firewall. CSF provides a user interface for the cPanel, Webmin and DirectAdmin control panels, so users can easily manage the CSF firewall without accessing the server backend.
On all other control panels and Linux distributions, the firewall has to be managed from the server backend.

All CSF firewall configuration files are in the /etc/csf directory.
 
 

How to Allow IP address in CSF firewall

 
You might see a connection timeout error if your ISP IP address is blocked in the server firewall. First go to the whatsmyip.org website to check your ISP IP address.

1. Log into server via SSH as root

2. Run the command “csf -a [ip address]” to whitelist the IP address

In the above command you should replace “ip address” with the actual ISP IP address.

Example :

[root@server /]# csf -a 192.168.1.4
Adding 192.168.1.4 to csf.allow only while in TESTING mode (not iptables ACCEPT)
[root@server /]#

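I have whitelisted the IP address “192.168.1.4” on the above Linux server. All whitelisted/allowed IP addresses are saved in the “/etc/csf/csf.allow” file. Note that the output above reports TESTING mode: the address was added to csf.allow only, not as an iptables ACCEPT rule.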

[root@server /]# grep 192.168.1.4 /etc/csf/csf.allow
192.168.1.4 # Manually allowed: 192.168.1.4 Thu Mar 2 23:26:52 2017

You can also manually add an IP address to CSF whitelist by editing the ‘csf.allow’ file.

a. Open the file “csf.allow” using vi editor

vi /etc/csf/csf.allow

b. Add the IP address to csf.allow. Save the file and exit

c. Run the command ‘csf -r’ to restart the firewall.
 
 

How to Block an IP address in CSF firewall

 
1. Log into server via SSH as ‘root’ user

2. Run the command “csf -d [ip address]” to block the IP address.

Example :

[root@server ~]# csf -d 192.168.2.5
Adding 192.168.2.5 to csf.deny and iptables DROP...
DROP all opt -- in !lo out * 192.168.2.5 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.2.5

3. Restart the CSF firewall

[root@server ~]# csf -r

The IP address in the above example, 192.168.2.5, is added to the csf.deny file:

[root@server ~]# grep 192.168.2.5 /etc/csf/csf.deny
192.168.2.5 # Manually denied: 192.168.2.5 Sun Mar 5 05:10:26 2017

You can also add the IP address to CSF deny list by editing the file /etc/csf/csf.deny.
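
Because csf.allow and csf.deny can both be edited by hand, the same address can end up in both files. The following is an added example (not part of the original post) that parses the entry format shown in the grep output above and reports addresses present in both lists; the function names and the sample files are constructed for illustration, and only plain IPv4/CIDR entries are considered.

```shell
#!/bin/sh
# Added example: find addresses listed in both csf.allow and csf.deny.
# Entry format as shown above: "<ip> # Manually allowed: <ip> <date>".

# Print the plain IPv4/CIDR entries of a CSF list file, sorted and unique.
# Comments, blank lines and any other line type are skipped (assumption:
# only simple address entries matter for this check).
csf_list_ips() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        { grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || true; } |
        sort -u
}

# Print addresses that appear in both the allow file ($1) and deny file ($2).
csf_conflicts() {
    allow_tmp=$(mktemp)
    deny_tmp=$(mktemp)
    csf_list_ips "$1" > "$allow_tmp"
    csf_list_ips "$2" > "$deny_tmp"
    comm -12 "$allow_tmp" "$deny_tmp"   # lines common to both sorted lists
    rm -f "$allow_tmp" "$deny_tmp"
}

# Constructed sample data (not from a real server), written to a temp
# directory so the check can be tried without touching /etc/csf.
sample_dir=$(mktemp -d)
cat > "$sample_dir/csf.allow" <<'EOF'
# constructed sample allow list

192.168.1.4 # Manually allowed: 192.168.1.4 Thu Mar 2 23:26:52 2017
192.168.2.5 # added by hand
EOF
cat > "$sample_dir/csf.deny" <<'EOF'
192.168.2.5 # Manually denied: 192.168.2.5 Sun Mar 5 05:10:26 2017
10.0.0.0/8 # constructed CIDR entry
EOF

# Report the conflicting entries in the sample files.
csf_conflicts "$sample_dir/csf.allow" "$sample_dir/csf.deny"
```

On a real server, pass /etc/csf/csf.allow and /etc/csf/csf.deny to csf_conflicts before running ‘csf -r’.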
 
 

How to Enable/Disable CSF firewall

 
1. Log in to the Linux server via SSH as ‘root’

2. Type the command “csf --enable” OR “csf -e” to enable the firewall
 

[root@server ~]# csf --enable
csf and lfd have been enabled

[root@server ~]# csf --enable
csf and lfd are not disabled!

(This second output means CSF and lfd are already enabled on this server.)

To disable the firewall, type the command “csf --disable” OR “csf -x”:

[root@server ~]# csf --disable
csf and lfd have been disabled

[root@server ~]# csf -x
csf and lfd have been disabled, use 'csf -e' to enable

 
 

How to update CSF and upgrade to latest version

 
1. Log in to your Linux server as ‘root’

2. Run the command “csf -u” OR “csf --update” to update CSF and upgrade if a new version is available

[root@server ~]# csf --update
csf is already at the latest version: v10.04

The CSF firewall on my server is already up to date.

3. Run the command “csf -uf” to force an update of CSF

4. The command “csf --check” will check for updates to CSF but will not upgrade to the latest version.

Other useful CSF commands for Server administrators

1. Command to remove an IP address from CSF allow list (Remove an IP address from /etc/csf/csf.allow file and delete the rule)

csf --addrm [IPaddress]

OR

csf -ar [IPaddress]

2. Command to delete an IP address from CSF deny list (Remove IP from /etc/csf/csf.deny)

csf --denyrm [IPaddress]

OR

csf -dr [IPaddress]

3. Command to remove and unblock all entries in CSF deny list /etc/csf/csf.deny (this command acts on the whole list and takes no IP address argument)

csf -df

OR

csf --denyf

4. Command to display the server ports on which there is a running process

csf --ports

OR

csf -p

5. Command to list all temporary allow and deny IP entries with their TTL (will show IPs in temporary block and allow)

csf --temp

OR

csf -t
