Config Server Firewall(CSF) is abbreviated as CSF. CSF is the most widely using firewall application to secure Unix/Linux servers. CSF has wide range of options to manage Linux firewall via command-line and from the control panel & with the help of thirdparty software. The csf installation includes preconfigured configurations and control panel UI’s for cPanel, DirectAdmin and Webmin. The installation ans usage of CSF is quit simple.

Some very useful ConfigServer Firewall (CSF) commands for managing your server firewall.

Enable csf and lfd if previously disabled

csf -e 
Or
csf --enable

How to disable CSF from command line?

csf -x

Restart CSF from command line?

To restart the CSF, you can use the ‘r’ switch.

csf -r 
Or 
csf --restart

Flush/Stop firewall rules (note: lfd may restart csf)

csf -r 
Or 
csf --restart

Flush/Stop firewall rules (note: lfd may restart csf)

csf -f

Allow an IP and add to /etc/csf/csf.allow

csf -a [IP.add.re.ss] [comment]

Example:

[email protected][~]#csf -a 104.111.21.2 Home IP Address

Remove an IP from the temporary IP ban or allow list.

csf -tr [IP.address]

Example:

[email protected][~]#csf -tr 104.111.21.2

Flush all IPs from the temporary IP entries

csf -tr [IP.address]

Example:

[email protected][~]#csf -tf

Deny an IP and add to /etc/csf/csf.deny

csf -d [IP.address] [comment]

Example:

[email protected][~]#csf -d 104.111.21.2 Blocked This ip

Unblock an IP and remove from /etc/csf/csf.deny

csf -dr [IP.add.re.ss]

Example:

[email protected][~]#csf -dr 104.111.21.2

Remove and unblock all entries in /etc/csf/csf.deny

csf -df

Example:

[email protected][~]#csf -df

Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number)

csf -g

Example:

[email protected][~]#csf -g 104.111.21.2

Displays the current list of temporary allow and deny IP entries with their TTL and comment

csf -t

Example:

[email protected][~]#csf -t

Add an IP to the temp IP ban list.

csf -td ip ttl [-p port] [-d direction] [comment]
Or
csf --tempdeny ip ttl [-p port] [-d direction] [comment]

Example:

[[email protected] ~]# csf -td 66.8x.1xx.xx
DROP  all opt -- in !lo out *  104.1x.1xx.xx  -> 0.0.0.0/0
csf: 104.1x.1xx.xx blocked on port * for 3600 seconds inbound

Remove an IP from the temporary IP ban or allow list

csf -tr 
Or 
csf --temprm ip

Flush all IPs from the temporary IP entries

csf -tf 
Or 
csf --tempf

Other General csf commands:

csf -v Or csf --version : Show csf version
csf -c Or csf --check : Check for updates to csf but do not upgrade
csf -u Or csf --update : Check for updates to csf and upgrade if available
csf -h Or csf --help : For help

 

That’s It thank you for watching