CSF commands

Csf commands

1. Enable csf and lfd if previously disabled

csf -e
Or
csf –enable

2. Disable csf and lfd completely

csf -x
Or
csf –disable

3. Restart firewall rules

csf -r
Or
csf –restart

4. Start the firewall rules

csf -s
Or
csf –start

5. Flush/Stop firewall rules (Note: lfd may restart csf)

csf -f
Or
csf –stop

6. List/Show the IPv4 iptables configuration

csf -l
Or
csf –status

7. List/Show the IPv6 ip6tables configuration

csf -l6
Or
csf –status6

You must have some ideas about the following configuration files for using some other csf commands.

csf.conf : Configuration file for controlling CSF.
csf.allow : Allowed IP’s and CIDR addresses list on the firewall.
csf.deny : Denied IP’s and CIDR addresses list on the firewall.
csf.ignore : Ignored IP’s and CIDR addresses list on the firewall.
csf.*ignore : The list of various ignore files of users, IP’s.

8. Allow an IP and add to /etc/csf/csf.allow

csf -a ip [comment]
Or
csf –add ip [comment]

You can add your comments in the square bracket. See the example below:

[root@server ~]# csf -a 6x.8xx.1×2.8x [My server]

9. Remove an IP from /etc/csf/csf.allow and delete rule

csf -ar
Or
csf –addrm ip

10. Deny an IP and add to /etc/csf/csf.deny

csf -d
Or
csf –deny ip [comment]

11. Unblock an IP and remove from /etc/csf/csf.deny

csf -dr
Or
csf –denyrm ip

12. Remove and unblock all entries in /etc/csf/csf.deny

csf -df
Or
csf –denyf

13. Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number)

csf -g
Or
csf –grep ip

14. Displays the current list of temporary allow and deny IP entries with their TTL and comment

csf -t
Or
csf –temp

15. Add an IP to the temp IP allow list (default:inout)

csf -ta ip ttl [-p port] [-d direction] [comment]
Or
csf –tempallow ip ttl [-p port] [-d direction] [comment]

Where ttl is the time to live in seconds(Default value: 3600)

16. Add an IP to the temp IP ban list.

csf -td ip ttl [-p port] [-d direction] [comment]
Or
csf –tempdeny ip ttl [-p port] [-d direction] [comment]

17. Remove an IP from the temporary IP ban or allow list

csf -tr
Or
csf –temprm ip

18. Flush all IPs from the temporary IP entries

csf -tf
Or
csf –tempf

19. General commands:

csf -v Or csf –version : Show csf version
csf -c Or csf –check : Check for updates to csf but do not upgrade
csf -u Or csf –update : Check for updates to csf and upgrade if available
csf -h Or csf –help : For help

Advertisements