How to Open a Specific Port for a Specific IP address in CSF firewall
For example, it is possible to open port 5353 only for IP address 192.168.5.2.
The CSF readme.txt file has a section called “Advanced Allow/Deny Filters”. Open /etc/csf/readme.txt in the vi editor to check the format of Advanced Allow/Deny Filters.
The CSF Advanced Allow/Deny Filter format is given below:
tcp/udp|in/out|s/d=port|s/d=ip|u=uid
tcp/udp : Which protocol you want to allow/block.
in/out : Incoming or outgoing connection. in = incoming connection, out = outgoing connection.
s/d=port : Either source or destination port. s = source port, d = destination port.
s/d=ip : Either source or destination IP address. s = source IP, d = destination IP.
u/g=UID : Either the UID or the GID of the source packet.
Examples are given below:
1. TCP connections inbound to port 3306 (MySQL) on the server from IP 192.168.2.5
tcp|in|d=3306|s=192.168.2.5
2. TCP connections outbound to port 22 on IP 192.168.2.5
tcp|out|d=22|d=192.168.2.5
3. TCP connections inbound to port 22 from IP 192.168.5.5
d=22|s=192.168.5.5
Check the CSF readme file for more examples. You must add the above rules to the CSF allow or deny list (/etc/csf.allow and /etc/csf.deny).
Example:
vi /etc/csf.allow
tcp|in|d=3306|s=192.168.2.5
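A malformed filter line is easy to miss in an allow list, so the following added example (not part of the original page or of CSF) parses lines in the format above and reports the ones that do not fit it. The names parse_filter and lint are hypothetical, only the field forms listed on this page are accepted, lines without a | are skipped, and the requirement that a port be tied to an IP address or owner is this example's own policy.

```python
import ipaddress

def parse_filter(line):
    """Parse one advanced filter line into a dict; raise ValueError if malformed."""
    rule = {"proto": None, "direction": None, "port": None, "ip": None, "owner": None}
    for field in filter(None, line.strip().split("|")):  # skip empty fields
        tag, raw = field[:2], field[2:]
        if field in ("tcp", "udp", "in", "out"):
            key, value = ("proto" if field in ("tcp", "udp") else "direction"), field
        elif tag in ("s=", "d=") and raw.isascii() and raw.isdigit():
            if not 1 <= int(raw) <= 65535:
                raise ValueError(f"port out of range: {field}")
            key, value = "port", (tag[0], int(raw))
        elif tag in ("s=", "d="):
            try:
                key, value = "ip", (tag[0], str(ipaddress.ip_address(raw)))
            except ValueError:
                raise ValueError(f"not a port or IP address: {field}") from None
        elif tag in ("u=", "g=") and raw.isascii() and raw.isdigit():
            key, value = "owner", (tag[0], int(raw))
        else:
            raise ValueError(f"unknown field: {field}")
        if rule[key] is not None:
            raise ValueError(f"duplicate {key} field: {field}")
        rule[key] = value
    # Policy of this example (assumption, not a CSF rule): a port must be scoped.
    if rule["port"] is None or (rule["ip"] is None and rule["owner"] is None):
        raise ValueError("needs a port plus an IP address or u=/g= owner")
    return rule

def lint(text):
    """Return [(line_number, message)] for malformed advanced filter lines."""
    problems = []
    for number, line in enumerate(text.splitlines(), 1):
        entry = line.split("#", 1)[0].strip()
        try:
            if "|" in entry:  # lines without "|" are not advanced filters
                parse_filter(entry)
        except ValueError as exc:
            problems.append((number, str(exc)))
    return problems

# Constructed sample: the page's three rules, then two deliberately broken lines.
SAMPLE = """tcp|in|d=3306|s=192.168.2.5
tcp|out|d=22|d=192.168.2.5
d=22|s=192.168.5.5
tcp|in|d=3306|s=192.168.2.555
tcp|inbound|d=5353|s=192.168.5.2
"""
```

Run lint() on the text of the allow or deny file before saving it; an empty list means every advanced filter line parsed.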
