Config Server Firewall (CSF) is a free and advanced firewall for most Linux distributions and Linux based VPS. In addition to the basic functionality of a firewall – filtering packets – CSF includes other security features, such as login/intrusion/flood detections. CSF includes UI integration for cPanel, DirectAdmin and Webmin, but this tutorial only covers the command line usage. CSF is able to recognize many attacks, such as port scans, SYN floods, and login brute force attacks on many services. It is configured to temporarily block clients who are detected to be attacking the cloud server.

Here are some helpful shell commands.

CommandExtended CommandDescriptionExample
csf -h–helpShow this messageroot@server[~]#csf -h
csf -r–restartRestart firewall rulesroot@server[~]#csf -r
csf -d [IP.add.re.ss] [comment]–deny ipDeny an IP and add to /etc/csf.denyroot@server[~]#csf -d 11.22.33.44 Blocked This Guy
csf -dr [IP.add.re.ss]–denyrm ipUnblock an IP and remove from /etc/csf.denyroot@server[~]#csf -dr 22.33.44.55
csf -df–denyfRemove and unblock all entries in /etc/csf.denyroot@server[~]#csf -df
csf -tr [IP.add.re.ss]–temprm ipRemove an IP from the temporary IP ban or allow list.root@server[~]#csf -tr 55.66.77.88
csf -td–tempdeny ip ttl [-p port] [-d direction]Add an IP to the temp IP ban list. ttl is how long to blocks for (default:seconds, can use one suffix of h/m/d).root@server[~]#csf -t
csf -a [IP.add.re.ss] [comment]–add ipAllow an IP and add to /etc/csf.allowroot@server[~]#csf -a 33.44.55.66 Home IP Address
csf -tf–tempfFlush all IPs from the temporary IP entriesroot@server[~]#csf -tf
csf -g [IP.add.re.ss]–grep ipSearch the iptables rules for an IP match (incl. CIDR)root@server[~]#csf -g 44.55.66.77
csf -v–versionShow csf versionroot@server[~]#csf -v
csf -u–updateCheck for updates to csf and upgrade if availableroot@server[~]#csf -u
csf -l–statusList/Show iptables configuration
csf -l6–status6List/Show ip6tables configuration
csf -s–startStart firewall rules
csf -f–stopFlush/Stop firewall rules (Note: lfd may restart csf)
csf -q–startqQuick restart (csf restarted by lfd)
csf -sf–startfForce CLI restart regardless of LFDSTART setting
csf -ar–addrm ipRemove an IP from /etc/csf.allow and delete rule
csf -t–tempDisplays the current list of temp IP entries and their TTLOptional port. Optional direction of block can be one of: in, out or inout (default:in)
csf -ta–tempallow ip, ttl [-p port] [-d direction]Add an IP to the temp IP allow list (default:inout)
csf -cp–cpingPING all members in an lfd Cluster
csf -cd–cdeny ipDeny an IP in a Cluster and add to /etc/csf.deny
csf -ca–callow ipAllow an IP in a Cluster and add to /etc/csf.allow
csf -cr–crm ipUnblock an IP in a Cluster and remove from /etc/csf.deny
csf -cc–cconfig [name] [value]Change configuration option [name] to [value] in a Cluster
csf -cf–cfile [file]Send [file] in a Cluster to /etc/csf/
csf -crs–crestartCluster restart csf and lfd
csf -w–watch ipLog SYN packets for an IP across iptables chains
csf -m–mail [addr}Display Server Check in HTML or email to [addr] if present
csf -lr–logrunInitiate Log Scanner report via lfd
csf -c–checkCheck for updates to csf but do not upgrade
csf -ufForce an update of csf
csf -x–disableDisable csf and lfd
csf -e–enableEnable csf and lfd if previously disabled

196    Linux Firewall    
Total 1 Votes:
0

Tell us how can we improve this post?

+ = Verify Human or Spambot ?

Question ?

You will get a notification email when Knowledgebase answerd/updated!

+ = Verify Human or Spambot ?