Linux - How to use CSF, Commands for using CSF

How to use CSF

Before looking more in to CSF firewall, first we must know more on CSF config files. Below are some of the CSF configuration files

csf.conf : Configuration file for controlling CSF.

csf.allow : All Allowed IP's and CIDR addresses list on the firewall.

csf.deny : All Denied IP's and CIDR addresses list on the firewall.

csf.ignore : All Ignored IP's and CIDR addresses list on the firewall.

csf.*ignore : The list of various ignore files of users, IP's.

Note: CIDR (Classless Inter-Domain Routing or supernetting)
A CIDR network address looks like this: 192.30.250.00/18

To start the firewall rules
 # csf -s

 #csf --start
To flush/stop firewall rules
 # csf -f

 # csf --stop
To restart the firewall rules
 # csf -r

 # csf --restart

To list/show ipv4 tables configuration
 # csf -l

 # csf --status

To list/show ipv6 tables configuration
 # csf -l6

 # csf -status6
This allows the IP mentioned in command and adds it in /etc/csf/csf.allow
 # csf -a IP [comment]

 # csf --add IP [comment]

 example:  # csf -a xx.xx.xx.xx
To remove any unwanted allowed IP in /etc/csf/csf.allow
 # csf -ar IP
 # csf --addrm IP

To denies the IP mentioned in command and adds it in /etc/csf/csf.deny
 # csf -d IP

 # csf --deny IP

Unblock the denied IP and remove it from /etc/csf/csf.deny
 # csf -dr IP
 # csf -denyrm IP

Remove and unblock all entries in /etc/csf/csf.deny
 csf -df
 csf -denyf

To search an IP,CIDR,Port Number in the ipv4tables and ipv6tables rules
 # csf -g

 # csf --grep ip

It displays list of temporary allowed and denied IP entries with their TTL and comment
 
 # csf -t

 # csf --temp

Add an IP to the temp IP allow list
 # csf -ta ip ttl [-p port] [-d direction] [comment]
 
 # csf --tempallow ip ttl [-p port] [-d direction] [comment]
Where ttl is the time to live in seconds - Default value: 3600

Add an IP to the temp IP ban list.
 # csf -td ip ttl [-p port] [-d direction] [comment]
 # csf --tempdeny ip ttl [-p port] [-d direction] [comment]

Remove an IP from the temporarly allowed or baned IP list
 # csf -tr 
 # csf --temprm ip

Flush removes all IPs from the temporary allowed or baned IP list
 # csf -tf 
 # csf -tempf

To find out the csf version installed in the sevrer
 # csf -v 
 # csf --version 

To check the update for csf, but it wont upgrade
 # csf -c 
 
 # csf --check 

To update for csf and upgrade if available
 # csf -u 

 # csf --update

Help or To know more about CSF command
 # csf -h 

 # csf --help 

The topic on Linux - How to use CSF is posted by - Math

Hope you have enjoyed, Linux - How to use CSFThanks for your time

Tech Bluff