More on CSF Commands
->csf -s
(or)
->csf --start
It will start the firewall rules.
->csf -f
(or)
->csf --stop
it will flush/stop firewall rules.
->csf -r
(or)
->csf --restart
it will restart the firewall rules.
->csf -l
(or)
->csf --status
it will list/show ipv4 tables configuration.
->csf -l6
(or)
->csf –status6
it will list/show ipv6 tables configuration.
First You have come to know some of the configuration files for the upcoming commands.
Here are the configuration files
csf.conf : Configuration file for controlling CSF.
csf.allow : All Allowed IP’s and CIDR addresses list on the firewall.
csf.deny : All Denied IP’s and CIDR addresses list on the firewall.
csf.ignore : All Ignored IP’s and CIDR addresses list on the firewall.
csf.*ignore : The list of various ignore files of users, IP’s.
Note: CIDR (Classless Inter-Domain Routing or supernetting)
A CIDR network address looks like this:
192.30.250.00/18 ->csf -a IP [comment] (or)
->csf --add IP [comment]
This allows the IP mentioned in command and adds it in /etc/csf/csf.allow
ex:
csf -a 192.168.0.5 [HR SYSTEM]
->csf -ar IP
(or)
->csf --addrm IP
It used to remove any unwanted allowed IP in /etc/csf/csf.allow
->csf -d IP
(or)
->csf --deny IP
This denies the IP mentioned in command and adds it in /etc/csf/csf.deny
->csf -dr IP
(or)
->csf –denyrm IP
Unblock the denied IP and remove it from /etc/csf/csf.deny
->csf -df
(or)
->csf -denyf
Remove and unblock all entries in /etc/csf/csf.deny
->csf -g
(Or)
->csf --grep ip
It is used to search an IP,CIDR,Port Number in the ipv4tables and ipv6tables rules
->csf -t
(or)
->csf --temp
It displays list of temporary allowed and denied IP entries with their TTL and comment
->csf -ta ip ttl [-p port] [-d direction] [comment] (or) ->csf --tempallow ip ttl [-p port] [-d direction] [comment]
Where ttl is the time to live in seconds - Default value: 3600
Add an IP to the temp IP allow list
->csf -td ip ttl [-p port] [-d direction] [comment] (or) ->csf --tempdeny ip ttl [-p port] [-d direction] [comment]
Add an IP to the temp IP ban list.
->csf -tr (or) ->csf --temprm ip
Remove an IP from the temporarly allowed or baned IP list
->csf -tf (or) ->csf –tempf
Flush removes all IPs from the temporary allowed or baned IP list
-> csf -v (or) ->csf --version To find out the csf version installed in the sevrer. -> csf -c (or) ->csf --check it will check the update for csf, but it wont upgrade ->csf -u (or) ->csf --update it will check the update for csf and upgrade if available ->csf -h (or) csf --help To know more about CSF command