Basic CSF Firewall Command to Secure Your Server
| |Here in this page I put a nice compilation of some common unix command to use CSF security tool providing basic and necessary security level on your VPS. Sawiyati has posted few days ago a nice tutorial on how to install / setup ConfigServer Security and Firewall (CSF) on VPS but she forgot to also mention some basic command on how to use that very popular firewall tool.
Obviously, before you go with these command examples, make sure you firstly install CSF on your server following what’s described on previous guide.
p.s:
- Add sudo prefix if you are not logged in as root.
- Change 123.123.123.123 with actual IP address you wish.
This is an example why you gonna need a firewall or at least a tool to block failed login attempts like Fail2ban.
Allow an IP Address
You can whitelist a specific IP so any connection from that IP will be allowed on CSF:
csf -a 123.123.123.123
That will add IP address 123.123.123.123 in /etc/csf/csf.allow. Do not forget to restart the firewall after whitelisting the IP address.
Remove a blocked IP address
You can remove a specific IP from CSF blocked list without having to add it to your whitelist
csf -dr 123.123.123.123
That will remove 123.123.123.123 from CSF deny list.
Block an IP address
csf -d 123.123.123.123
That will add 123.123.123.123 to CSF list of denied IP address (blocked)
Check whether an IP is blocked by CSF or not
csf -g 123.123.123.123
That will show whether an IP is blocked by CSF service or not.
if blocked:
Disable CSF and lfd completely
csf -x
That will disable CSF service completely from running.
Enable CSF service
csf -e
That will enable CSF service.
Restart CSF service
csf -r
Flush CSF firewall
csf -f
Remove an IP from CSF allow list
csf -ar 123.123.123.123
That will remove IP address from /etc/csf/csf.allow.
Thanks for reading. Please have no doubt to leave me comment for some more opinions or tips regarding basic command we can use to secure a VPS with CSF firewall.