In this article we will discuss ConfigServer Security Firewall or CSF useful commands. In this era of cyber attacks it is very important to setup a firewall to protect our servers from cyber attackers and one of the most popular Linux firewall today is CSF.
ConfigServer Security Firewall or CSF, is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.
ConfigServer Security Firewall also comes with LFD or Login Failure Daemon service that watches users activity such us excessive login failures often called “Brute-force attacks” and suspicious process running on a certain user .
CSF has wide range of options to manage Linux firewall via comman-line and from the control panel. CSF is mostly used in Control Panels like DirectAdmin and WHM/cPanel.
Useful Commands:
Checking the status of CSF service
[root@host ~]# sudo systemctl status csf
● csf.service - ConfigServer Firewall & Security - csf
Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: disabled)
Active: active (exited) since Sat 2021-10-30 08:39:07 UTC; 3 weeks 5 days ago
Main PID: 20825 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/csf.serviceIf you want to disable CSF you can run:
csf -xTo enable CSF:
csf -eAllowing an IP address:
csf -a 192.168.1.1This command will allow IP address 1.1.1.1 to access server.
Placing an IP on the temporary deny list which is in /var/lib/csf/csf.tempban
csf -td 192.168.1.1IP address 192.168.1.1 will be placed to the temporary deny list.
To remove the IP address from temporary IP ban:
csf -tr 192.168.1.1To deny or block the IP:
csf -d 192.168.1.1The IP will be placed to etc/csf/csf.deny.
To unblock the IP:
csf -dr 192.168.1.1The IP will be removed from etc/csf/csf.deny.
Displaying the current list of temporary allowed and denied IP address:
csf -tWhitelisting an IP Address
In order to fully whitelist an IP address you need to add the IP to csf.ignore this will instruct LFD to ignore the IP , and please make sure to restart CSF after adding the IP to csf.ignore(/etc/csf/csf.ignore).
Restarting CSF and LFD:
[root@host ~]# sudo systemctl restart csf[root@host ~]# sudo systemctl restart csfConclusion
We have discussed the most useful command in CSF. If you like this article you might also like our article on Fail2Ban.
Hope yo
If you have questions, feel free to leave a comment and we will try to answer it.
Thank you and hope you enjoy our tutorial ?
