Important CSF Commands for linux server administrator

I have posted this article to Linux server administrators who are make changes on csf firewall via command line, this will very helpful.

1) How to add IP address to CSF deny list

To add IP address into deny list, Use the below command.

# csf -d 103.14.120.108
Adding 103.14.120.108 to csf.deny and iptables DROP...
DROP  all opt -- in !lo out *  103.14.120.108  -> 0.0.0.0/0
DROP  all opt -- in * out !lo  0.0.0.0/0  -> 103.14.120.108

2) How to find IP address is listed in CSF deny list

How to find IP address is listed in csf deny list, use the below command.

# grep 103.14.120.108 /etc/csf/csf.deny
103.14.120.108 # Manually denied - Sat Dec 21 09:05:05 2013

3) How to remove/unblock IP address from CSF deny list

To remove/unblock the IP address from deny list, Use the below command.

# csf -dr 103.14.120.108
Removing rule...
DROP  all opt -- in !lo out *  103.14.120.108  -> 0.0.0.0/0
DROP  all opt -- in * out !lo  0.0.0.0/0  -> 103.14.120.108

4) How to remove/flush all IP address from CSF deny list

To remove/flush all the IP entries from deny list, Use the below command.

# csf -df
DROP  all opt -- in !lo out *  41.82.96.194  -> 0.0.0.0/0
DROP  all opt -- in * out !lo  0.0.0.0/0  -> 41.82.96.194
DROP  all opt -- in !lo out *  74.208.180.134  -> 0.0.0.0/0
DROP  all opt -- in * out !lo  0.0.0.0/0  -> 74.208.180.134
csf: all entries removed from csf.deny

5) How to add IP address to CSF allow list

To add IP address in to allow list, Use the below command.

# csf -a 103.14.120.108
Adding 103.14.120.108 to csf.allow and iptables ACCEPT...
ACCEPT  all opt -- in !lo out *  103.14.120.108  -> 0.0.0.0/0
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 103.14.120.108

6) How to find IP address is listed in CSF allow list

How to find IP address listed in allow list, Use the below command.

# grep 103.14.120.108 /etc/csf/csf.allow
103.14.120.108 # Manually allowed - Sat Dec 21 09:07:05 2013

7) How to remove the IP from CSF allow list

To remove the IP address from allow list, Use the below command.

# csf -ar 103.14.120.108
Removing rule...
ACCEPT  all opt -- in !lo out *  103.14.120.108  -> 0.0.0.0/0
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 103.14.120.108

8) How to find IP address is listed in CSF temporary ban list

How to find IP address listed in temporary ban list, Use the below command.

# grep 103.14.120.108 /etc/csf/csf.tempban
103.14.120.108 # Manually allowed - Sat Dec 21 09:10:05 2013

9) How to remove IP address is listed in CSF temporary ban list

To remove/unblock the IP address from the temporary IP ban list, Use the below command.

# csf -tr 103.14.120.108
DROP  all opt -- in !lo out *  103.14.120.108  -> 0.0.0.0/0
csf: 103.14.120.108 temporary block removed
csf: There are no temporary IP allows

10) How to remove all IP address is listed in CSF temporary ban list

To remove/flush all the IP entries from temporary IP ban list, Use the below command.

# csf -tf
DROP  all opt -- in !lo out *  83.170.117.45  -> 0.0.0.0/0
csf: 83.170.117.45 temporary block removed
csf: There are no temporary IP allows

11) How to add IP address to CSF ignore list

login to shell then open the csf.ignore config file on your favourite editor and add it.

# nano /etc/csf/csf.ignore
  GNU nano 2.0.9                                        File: /etc/csf/csf.ignore

###############################################################################
# Copyright 2006-2013, Way to the Web Limited
# URL: http://www.configserver.com
# Email: [email protected]
###############################################################################
# The following IP addresses will be ignored by all lfd checks
# One IP address per line
# CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24)
# Only list IP addresses, not domain names (they will be ignored)
#

127.0.0.1
103.14.120.108

12) How to start CSF firewall

To enable/start csf firewall, Use the below command.

# csf -e
DROP  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:67
DROP  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  udp dpt:67
LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0
LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0
Starting lfd: Done
csf and lfd have been enabled

13) How to stop CSF firewall

To diable/stop csf firewall, Use the below command.

# csf -x
Stopping lfd: Done
Flushing chain `INPUT'
Flushing chain `FORWARD'
Deleting chain `LOGDROPOUT'
Deleting chain `acctboth'
Restarting bandmin acctboth chains for cPanel
Deleting chain `LOGDROPOUT'
csf and lfd have been disabled

14) How to restart CSF firewall

To restart csf firewall, use the below command.

# csf -r
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0
ACCEPT  tcp opt -- in * out !lo  0.0.0.0/0  -> 83.170.64.2  tcp dpt:53
Restarting bandmin acctboth chains for cPanel
acctboth  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0
LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0
LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0

15) Important CSF config file path

Path of CSF configuration file

[email protected] [~]# /etc/csf/csf.conf

Path of CSF allow file

[email protected] [~]# /etc/csf/csf.allow

Path of CSF deny file

[email protected] [~]# /etc/csf/csf.deny

Path of CSF ignorelist file

[email protected] [~]# /etc/csf/csf.ignore

Path of CSF temporary ban file

[email protected] [~]# /etc/csf/csf.tempban

Magesh Maruthamuthu

Love to play with all Linux distribution

You may also like...