CSF Basic Commands With Examples: Beginners Tutorial


This article covers the basic CSF commands, with examples, for beginners. You need to know them before working with CSF, so if you are a beginner, this is a good place to start. The article explains how to start csf, restart csf, flush csf rules, whitelist an IP in csf, and block an IP in csf. It is highly recommended reading for securing a Linux server.

Start CSF:
Start the firewall rules

csf -s

[root@techfaqsolutions ~]# csf -s
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'



Enable CSF:
Enable csf and lfd if you disabled csf already.
csf -e

[root@techfaqsolutions ~]# csf -e
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
.
.
.
csf and lfd have been enabled

Disable CSF:
Disable csf and lfd completely
csf -x

[root@techfaqsolutions ~]# csf -x
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
.
.
Flushing chain `POSTROUTING'
csf and lfd have been disabled

Update CSF:
Check for updates to csf and upgrade if available
csf -u

[root@techfaqsolutions ~]# csf -u
csf is already at the latest version: v12.04

Flush firewall rules:
Flush/Stop firewall rules (Note: lfd may restart csf)
csf -f

[root@techfaqsolutions ~]# csf -f
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'

Restart CSF:
Restart firewall rules (csf)
csf -r

Check the IP from blacklist and whitelist in CSF:

csf -g <ip>

example:

csf -g 192.168.1.122

[root@techfaqsolutions ~]# csf -g 192.168.1.122

Table Chain num pkts bytes target prot opt in out source destination

filter ALLOWIN 1 0 0 ACCEPT all -- !lo * 192.168.1.122 0.0.0.0/0

filter ALLOWOUT 1 0 0 ACCEPT all -- * !lo 0.0.0.0/0 192.168.1.122

Whitelist / Allow an IP in CSF:

csf -a <ip> "<comment>"

example:

csf -a 192.168.1.122 "This my PC's IP"

[root@techfaqsolutions ~]# csf -a 192.168.1.122 "This my PC's IP"
Adding 192.168.1.122 to csf.allow and iptables ACCEPT...
ACCEPT all opt -- in !lo out * 192.168.1.122 -> 0.0.0.0/0 
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.122

It’s good practice to add a comment while whitelisting an IP.

Remove whitelisted IP in CSF:

csf -ar <ip>

example:

csf -ar 192.168.1.122

[root@techfaqsolutions ~]# csf -ar 192.168.1.122
Removing rule...
ACCEPT all opt -- in !lo out * 192.168.1.122 -> 0.0.0.0/0 
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.122 

Blacklist / Block an IP in CSF:

csf -d <ip> "<comment>"

example:

csf -d 192.168.1.100 "unauthorised access from IP"

[root@techfaqsolutions ~]# csf -d 192.168.1.100 "unauthorised access from IP"
Adding 192.168.1.100 to csf.deny and iptables DROP...
DROP all opt -- in !lo out * 192.168.1.100 -> 0.0.0.0/0 
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.100

It’s good practice to add a comment when blacklisting an IP.
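
A guarded version of the block command above, as an added example that is not part of the original article: it validates the address, insists on a comment, refuses to block the client address of the current SSH session, and reads the chain names in `csf -g` output so it does not block an IP that currently has ACCEPT rules. CSF_BIN, csf_state, valid_ipv4 and safe_deny are hypothetical names, and the parsing assumes `csf -g` output in the form shown earlier in this article.

```shell
#!/bin/sh
# Added example: guarded wrapper around `csf -d`. CSF_BIN and all function
# names are hypothetical; point CSF_BIN at a stub to dry-run it.
CSF_BIN="${CSF_BIN:-csf}"

# Classify `csf -g <ip>` output (stdin) by the chain names it lists.
# Prints one of: allow, deny, both, none.
csf_state() {
    awk '
        $2 ~ /^ALLOW(IN|OUT)$/ { allow = 1 }
        $2 ~ /^DENY(IN|OUT)$/  { deny = 1 }
        END {
            if (allow && deny) print "both"
            else if (allow)    print "allow"
            else if (deny)     print "deny"
            else               print "none"
        }'
}

# Accept only dotted-quad IPv4 with every octet in 0..255.
valid_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# safe_deny <ip> <comment>
# Returns 2 on bad arguments, 3 if the IP is this SSH session's client,
# 4 if the IP is currently allowed, otherwise the exit status of csf -d.
safe_deny() {
    ip="$1"; comment="$2"
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    [ -n "$comment" ] || { echo "a comment is required" >&2; return 2; }
    # sshd sets SSH_CONNECTION to "client_ip client_port server_ip server_port"
    client="${SSH_CONNECTION:-}"; client="${client%% *}"
    if [ "$client" = "$ip" ]; then
        echo "refusing to block your own SSH client $ip" >&2; return 3
    fi
    case "$("$CSF_BIN" -g "$ip" | csf_state)" in
        allow|both) echo "$ip has ACCEPT rules; remove them before blocking" >&2; return 4 ;;
    esac
    "$CSF_BIN" -d "$ip" "$comment"
}
```

Source the file and call `safe_deny 192.168.1.100 "unauthorised access from IP"` in place of the bare `csf -d`.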

Remove IP from Blacklist in CSF:

csf -dr <ip>

example:

csf -dr 192.168.1.100

[root@techfaqsolutions ~]# csf -dr 192.168.1.100
Removing rule...
DROP all opt -- in !lo out * 192.168.1.100 -> 0.0.0.0/0 
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.100 

Temporary Whitelist / Allow an IP in CSF:

csf -ta <ip>

example:

csf -ta 192.168.1.122

[root@techfaqsolutions ~]# csf -ta 192.168.1.122
ACCEPT all opt -- in !lo out * 192.168.1.122 -> 0.0.0.0/0 
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.122 
csf: 192.168.1.122 allowed on port * for 3600 seconds in and outbound

Remove IP from Temporary Whitelist in CSF:

csf -tr <ip>

example:
csf -tr 192.168.1.122

[root@techfaqsolutions ~]# csf -tr 192.168.1.122
csf: There are no temporary IP bans
ACCEPT all opt -- in !lo out * 192.168.1.122 -> 0.0.0.0/0 
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.122 
csf: 192.168.1.122 temporary allow removed


Please add as a comment your feedback and queries.



2 Responses

  1. Jubilee Shoals says:

    I hope that you won’t stop writing such interesting articles. I’m waiting for more of your content. I’m going to follow you!
