How to Open a Specific Port for a Specific IP address in CSF firewall

It is easy to open a port for all IP addresses by adding the port number to the CSF configuration file. Have you ever tried to open a specific port for one specific IP address only?

Example: it is possible to open port 5353 only for the IP address 192.168.5.2.

The CSF readme.txt file has a section called “Advanced Allow/Deny Filters”. Open /etc/csf/readme.txt with the vi editor to check the format of the Advanced Allow/Deny Filters.

The CSF Advanced Allow/Deny Filter format is given below:

tcp/udp|in/out|s/d=port|s/d=ip|u=uid

tcp/udp : the protocol you want to allow or block.

in/out : incoming or outgoing connection. in = incoming connection, out = outgoing connection.

s/d=port : either the source or the destination port. s = source port, d = destination port.

s/d=ip : either the source or the destination IP address. s = source IP, d = destination IP.

u/g=UID : either the UID or the GID of the source packet.

Examples are given below:

1. Allow inbound TCP connections from 192.168.2.5 to the MySQL port 3306 on the server, i.e. TCP connections inbound to port 3306 from IP 192.168.2.5:
tcp|in|d=3306|s=192.168.2.5

2. TCP connections outbound to port 22 on IP 192.168.2.5 (note that both the port and the IP are destinations here):
tcp|out|d=22|d=192.168.2.5

3. TCP connections inbound to port 22 from IP 192.168.5.5, written in the short form that omits the protocol and direction fields:
d=22|s=192.168.5.5

Check the CSF readme file for more examples. Add rules in the above format to the CSF allow list or deny list (/etc/csf/csf.allow and /etc/csf/csf.deny) depending on whether you want to permit or block the traffic.

Example:
vi /etc/csf/csf.allow
tcp|in|d=3306|s=192.168.2.5
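As an added example (not code from the original article or from the CSF project), the following POSIX shell functions build a rule in the format described above, check every field before it goes anywhere near the firewall, and append the rule to csf.allow only if an identical rule is not already present, so repeated runs do not pile up duplicate lines. The helper names are my own. It assumes the standard /etc/csf/csf.allow location (overridable through CSF_ALLOW), assumes that csf.allow accepts a trailing "# comment" on a rule line, and validates only plain IPv4 addresses, which is the form the article's examples use.

```shell
#!/bin/sh
# Added example, not from the original article or from the CSF project: build
# and sanity-check a CSF advanced filter line (proto|dir|s/d=port|s/d=ip) and
# append it to csf.allow without creating duplicates. Helper names are my own.
# CSF_ALLOW defaults to the standard CSF path; override it to test on a scratch file.
CSF_ALLOW="${CSF_ALLOW:-/etc/csf/csf.allow}"

# True if $1 is a plain dotted-quad IPv4 address (the form the article's examples use).
is_ipv4() {
    addr="$1"
    case "$addr" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$addr" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# True if $1 is a TCP/UDP port number in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] || return 1
    [ "$1" -le 65535 ] || return 1
    return 0
}

# csf_rule PROTO DIR PORTSPEC IPSPEC
# Validates each field against the readme format and prints the rule, e.g.
#   csf_rule tcp in d=3306 s=192.168.2.5   ->  tcp|in|d=3306|s=192.168.2.5
# Returns 1 and prints nothing if any field is malformed.
csf_rule() {
    proto="$1"; dir="$2"; port_spec="$3"; ip_spec="$4"
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$dir" in in|out) ;; *) return 1 ;; esac
    case "$port_spec" in
        s=*|d=*) is_port "${port_spec#?=}" || return 1 ;;
        *) return 1 ;;
    esac
    case "$ip_spec" in
        s=*|d=*) is_ipv4 "${ip_spec#?=}" || return 1 ;;
        *) return 1 ;;
    esac
    printf '%s|%s|%s|%s\n' "$proto" "$dir" "$port_spec" "$ip_spec"
}

# csf_allow_add RULE [FILE] [COMMENT]
# Appends RULE to FILE (default $CSF_ALLOW) unless the same rule is already
# present; trailing "# comment" text on existing lines is ignored when comparing.
# COMMENT, if given, is written after the rule in the trailing-hash form
# (assumed here to be the comment syntax csf.allow accepts).
# Returns 0 when the rule was added, 2 when it was already there.
csf_allow_add() {
    rule="$1"; file="${2:-$CSF_ALLOW}"; comment="${3:-}"
    [ -f "$file" ] || : > "$file"
    if sed 's/[[:space:]]*#.*$//' "$file" | grep -qxF -- "$rule"; then
        return 2
    fi
    if [ -n "$comment" ]; then
        printf '%s # %s\n' "$rule" "$comment" >> "$file"
    else
        printf '%s\n' "$rule" >> "$file"
    fi
}

# Demonstration against a scratch file (constructed; not the live firewall config).
demo_file="$(mktemp)"
rule="$(csf_rule tcp in d=3306 s=192.168.2.5)"
csf_allow_add "$rule" "$demo_file" "MySQL from the app server"
csf_allow_add "$rule" "$demo_file" "MySQL from the app server" || echo "already present, not duplicated"
cat "$demo_file"
rm -f "$demo_file"
# On a real host: csf_allow_add "$rule" "" "MySQL from the app server" && csf -r
# (csf -r reloads the rule set so the new allow line takes effect).
```

Run as-is the block only touches a temporary file from mktemp, so it is safe to try before pointing it at the live csf.allow. Because a rule line is matched on its rule text alone, re-running with a different comment still counts as a duplicate, which is the behaviour you want when the same line is added from a script on every deploy. A rule edited into csf.allow by hand or by this script is not active until CSF is reloaded with csf -r.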

CSF advanced Allow Deny Filter