Linux - How to use CSF, Commands for using CSF
How to use CSF
Before looking more in to CSF firewall, first we must know more on CSF config files. Below are some of the CSF configuration filescsf.conf : Configuration file for controlling CSF.
csf.allow : All Allowed IP's and CIDR addresses list on the firewall.
csf.deny : All Denied IP's and CIDR addresses list on the firewall.
csf.ignore : All Ignored IP's and CIDR addresses list on the firewall.
csf.*ignore : The list of various ignore files of users, IP's.
Note: CIDR (Classless Inter-Domain Routing or supernetting)
A CIDR network address looks like this: 192.30.250.00/18
To start the firewall rules
# csf -s #csf --startTo flush/stop firewall rules
# csf -f # csf --stopTo restart the firewall rules
# csf -r # csf --restart
To list/show ipv4 tables configuration
# csf -l # csf --status
To list/show ipv6 tables configuration
# csf -l6 # csf -status6This allows the IP mentioned in command and adds it in /etc/csf/csf.allow
# csf -a IP [comment] # csf --add IP [comment] example: # csf -a xx.xx.xx.xxTo remove any unwanted allowed IP in /etc/csf/csf.allow
# csf -ar IP # csf --addrm IP
To denies the IP mentioned in command and adds it in /etc/csf/csf.deny
# csf -d IP # csf --deny IP
Unblock the denied IP and remove it from /etc/csf/csf.deny
# csf -dr IP # csf -denyrm IP
Remove and unblock all entries in /etc/csf/csf.deny
csf -df csf -denyf
To search an IP,CIDR,Port Number in the ipv4tables and ipv6tables rules
# csf -g # csf --grep ip
It displays list of temporary allowed and denied IP entries with their TTL and comment
# csf -t # csf --temp
Add an IP to the temp IP allow list
# csf -ta ip ttl [-p port] [-d direction] [comment] # csf --tempallow ip ttl [-p port] [-d direction] [comment]Where ttl is the time to live in seconds - Default value: 3600
Add an IP to the temp IP ban list.
# csf -td ip ttl [-p port] [-d direction] [comment] # csf --tempdeny ip ttl [-p port] [-d direction] [comment]
Remove an IP from the temporarly allowed or baned IP list
# csf -tr # csf --temprm ip
Flush removes all IPs from the temporary allowed or baned IP list
# csf -tf # csf -tempf
To find out the csf version installed in the sevrer
# csf -v # csf --version
To check the update for csf, but it wont upgrade
# csf -c # csf --check
To update for csf and upgrade if available
# csf -u # csf --update
Help or To know more about CSF command
# csf -h # csf --help
The topic on Linux - How to use CSF is posted by - Math
Hope you have enjoyed, Linux - How to use CSFThanks for your time