CSF (Configuration) - Part2

by Jagadesh 2014-07-25 10:50:57

More on CSF Commands

->csf -s

(or)

->csf --start

It will start the firewall rules.

 

->csf -f

(or)

->csf --stop

It will flush/stop the firewall rules.

 

->csf -r

(or)

->csf --restart

It will restart the firewall rules.

 

->csf -l

(or)

->csf --status

It will list/show the IPv4 iptables configuration.

 

->csf -l6

(or)

->csf --status6

It will list/show the IPv6 ip6tables configuration.

 

First, you need to know some of the configuration files used by the upcoming commands.

Here are the configuration files

csf.conf : Configuration file for controlling CSF.

csf.allow : List of all allowed IPs and CIDR addresses on the firewall.

csf.deny : List of all denied IPs and CIDR addresses on the firewall.

csf.ignore : List of all ignored IPs and CIDR addresses on the firewall.

csf.*ignore : The various ignore files for users and IPs.

Note: CIDR (Classless Inter-Domain Routing or supernetting)

A CIDR network address looks like this:

192.30.250.00/18

->csf -a IP [comment]
(or)

->csf --add IP [comment]

This allows the IP given in the command and adds it to /etc/csf/csf.allow. The square brackets in the syntax mark the comment as optional; they are not typed.

ex:

csf -a 192.168.0.5 HR SYSTEM

 

->csf -ar IP

(or)

->csf --addrm IP

It is used to remove an unwanted allowed IP from /etc/csf/csf.allow

 

->csf -d IP

(or)

->csf --deny IP

This denies the IP given in the command and adds it to /etc/csf/csf.deny

 

->csf -dr IP

(or)

->csf --denyrm IP

Unblock the denied IP and remove it from /etc/csf/csf.deny

 

->csf -df

(or)

->csf --denyf

Remove and unblock all entries in /etc/csf/csf.deny

 

->csf -g ip

(or)

->csf --grep ip

It is used to search for an IP, CIDR or port number in the iptables and ip6tables rules
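
A similar lookup can be run offline against the list files, for example to see whether an address is already covered by a CIDR entry in csf.deny. The script below is an added example, not part of csf or of the original post; it assumes each line is an IPv4 address or CIDR followed by an optional # comment, and the sample entries are constructed.

```sh
#!/bin/sh
# Added example (not csf code): CIDR-aware lookup over csf.deny style lines.

# Print a dotted-quad IPv4 address as a 32-bit integer; fail on bad input.
ip2int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    n=0
    for o in "$@"; do
        [ "${#o}" -le 3 ] || return 1
        o=${o#0}; o=${o#0}; o=${o:-0}   # drop leading zeros (avoid octal)
        [ "$o" -le 255 ] || return 1
        n=$(( (n << 8) + o ))
    done
    echo "$n"
}

# Succeed if address $2 lies inside entry $1 (plain IP or IP/prefix).
cidr_contains() {
    case "$1" in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    case "$bits" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    net_i=$(ip2int "${1%/*}") || return 1
    ip_i=$(ip2int "$2") || return 1
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( net_i & mask )) -eq $(( ip_i & mask )) ]
}

# Read list lines on stdin; print the first entry that covers address $1.
csf_list_match() {
    while read -r entry rest; do
        case "$entry" in ''|'#'*) continue ;; esac
        if cidr_contains "$entry" "$1"; then echo "$entry"; return 0; fi
    done
    return 1
}

# Constructed sample; assumed layout: "IP-or-CIDR # comment", as in csf.deny.
sample_deny() {
    printf '%s\n' '# constructed sample entries' \
        '198.51.100.23 # failed logins' \
        '192.30.250.00/18 # CIDR as written on this page' \
        '203.0.113.0/24 # test range'
}

for ip in 192.30.200.7 203.0.113.99 192.0.2.1; do
    hit=$(sample_deny | csf_list_match "$ip") && echo "$ip -> $hit" || echo "$ip -> no entry"
done
```

On a real server the same function can read the list directly, e.g. csf_list_match 192.30.200.7 < /etc/csf/csf.deny. Entries that are not plain IPv4 addresses or CIDR blocks are skipped.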

 

->csf -t

(or)

->csf --temp

It displays list of temporary allowed and denied IP entries with their TTL and comment

 

->csf -ta ip ttl [-p port] [-d direction] [comment]
(or)
->csf --tempallow ip ttl [-p port] [-d direction] [comment]

Where ttl is the time to live in seconds - Default value: 3600

Add an IP to the temp IP allow list

 

->csf -td ip ttl [-p port] [-d direction] [comment]
(or)
->csf --tempdeny ip ttl [-p port] [-d direction] [comment]

Add an IP to the temp IP ban list.

 

->csf -tr ip
(or)
->csf --temprm ip

Remove an IP from the temporarily allowed or banned IP list

 

->csf -tf 
(or) 
->csf --tempf

Flush: removes all IPs from the temporarily allowed or banned IP list

 

->csf -v
(or)
->csf --version

To find out the csf version installed on the server.

->csf -c
(or)
->csf --check

It will check for a csf update, but it won't upgrade.

->csf -u
(or)
->csf --update

It will check for a csf update and upgrade if one is available.

->csf -h
(or)
->csf --help

To know more about the csf commands.