Recommended VPS Complete list of best VPS hosting providers.

Basic CSF Firewall Command to Secure Your Server

Here in this page I put a nice compilation of some common unix command to use CSF security tool providing basic and necessary security level on your VPS. Sawiyati has posted few days ago a nice tutorial on how to install / setup ConfigServer Security and Firewall (CSF) on VPS but she forgot to also mention some basic command on how to use that very popular firewall tool.

Obviously, before you go with these command examples, make sure you firstly install CSF on your server following what’s described on previous guide.

p.s:

  • Add sudo prefix if you are not logged in as root.
  • Change 123.123.123.123 with actual IP address you wish.

This is an example why you gonna need a firewall or at least a tool to block failed login attempts like Fail2ban.

2015-08-09_073512

Allow an IP Address

You can whitelist a specific IP so any connection from that IP will be allowed on CSF:

csf -a 123.123.123.123

That will add IP address 123.123.123.123 in /etc/csf/csf.allow. Do not forget to restart the firewall after whitelisting the IP address.

csf-a-command

Remove a blocked IP address

You can remove a specific IP from CSF blocked list without having to add it to your whitelist

csf -dr 123.123.123.123

That will remove 123.123.123.123 from CSF deny list.

csf-dr-command

Block an IP address

csf -d 123.123.123.123

That will add 123.123.123.123 to CSF list of denied IP address (blocked)

csf-d-command2

Check whether an IP is blocked by CSF or not

csf -g 123.123.123.123

That will show whether an IP is blocked by CSF service or not.

csf-g-command

if blocked:

csf-g-command2

Disable CSF and lfd completely

csf -x

That will disable CSF service completely from running.

csf-x-command

Enable CSF service

csf -e

That will enable CSF service.

csf-e-command2

Restart CSF service

csf -r

Flush CSF firewall

csf -f

csf-f-command

Remove an IP from CSF allow list

csf -ar 123.123.123.123

That will remove IP address from /etc/csf/csf.allow.

csf-ar-command

Thanks for reading. Please have no doubt to leave me comment for some more opinions or tips regarding basic command we can use to secure a VPS with CSF firewall.

Add a Comment

Your email address will not be published.

Get more stuff like this
in your inbox

Subscribe and get interesting stuff plus faster updates to your email.