Home / Cheat Sheet / Config Server Firewall – CSF cheat sheet

Config Server Firewall – CSF cheat sheet

Config Server Firewall (CSF) is a free and advanced firewall for most Linux distributions and Linux based VPS. In addition to the basic functionality of a firewall – filtering packets – CSF includes other security features, such as login/intrusion/flood detections. CSF includes UI integration for cPanel, DirectAdmin and Webmin, but this tutorial only covers the command line usage. CSF is able to recognize many attacks, such as port scans, SYN floods, and login brute force attacks on many services. It is configured to temporarily block clients who are detected to be attacking the cloud server. CSF command line cheat sheet - blackMORE Ops - 1

The full list of supported operating systems and features can be found on ConfigServer’s website.

Following is a CSF cheat sheet with I created from it’s help menu. Out of the commands, I use some more extensively and they are listed on top of this table.

Command Extended Command Description Example
csf -h –help Show this message root@server[~]#csf -h
csf -r –restart Restart firewall rules root@server[~]#csf -r
csf -d [IP.add.re.ss] [comment] –deny ip Deny an IP and add to /etc/csf.deny root@server[~]#csf -d 11.22.33.44 Blocked This Guy
csf -dr [IP.add.re.ss] –denyrm ip Unblock an IP and remove from /etc/csf.deny root@server[~]#csf -dr 22.33.44.55
csf -df –denyf Remove and unblock all entries in /etc/csf.deny root@server[~]#csf -df
csf -tr [IP.add.re.ss] –temprm ip Remove an IP from the temporary IP ban or allow list. root@server[~]#csf -tr 55.66.77.88
csf -td –tempdeny ip ttl [-p port] [-d direction] Add an IP to the temp IP ban list. ttl is how long to blocks for (default:seconds, can use one suffix of h/m/d). root@server[~]#csf -t
csf -a [IP.add.re.ss] [comment] –add ip Allow an IP and add to /etc/csf.allow root@server[~]#csf -a 33.44.55.66 Home IP Address
csf -tf –tempf Flush all IPs from the temporary IP entries root@server[~]#csf -tf
csf -g [IP.add.re.ss] –grep ip Search the iptables rules for an IP match (incl. CIDR) root@server[~]#csf -g 44.55.66.77
csf -v –version Show csf version root@server[~]#csf -v
csf -u –update Check for updates to csf and upgrade if available root@server[~]#csf -u
csf -l –status List/Show iptables configuration
csf -l6 –status6 List/Show ip6tables configuration
csf -s –start Start firewall rules
csf -f –stop Flush/Stop firewall rules (Note: lfd may restart csf)
csf -q –startq Quick restart (csf restarted by lfd)
csf -sf –startf Force CLI restart regardless of LFDSTART setting
csf -ar –addrm ip Remove an IP from /etc/csf.allow and delete rule
csf -t –temp Displays the current list of temp IP entries and their TTLOptional port. Optional direction of block can be one of: in, out or inout (default:in)
csf -ta –tempallow ip, ttl [-p port] [-d direction] Add an IP to the temp IP allow list (default:inout)
csf -cp –cping PING all members in an lfd Cluster
csf -cd –cdeny ip Deny an IP in a Cluster and add to /etc/csf.deny
csf -ca –callow ip Allow an IP in a Cluster and add to /etc/csf.allow
csf -cr –crm ip Unblock an IP in a Cluster and remove from /etc/csf.deny
csf -cc –cconfig [name] [value] Change configuration option [name] to [value] in a Cluster
csf -cf –cfile [file] Send [file] in a Cluster to /etc/csf/
csf -crs –crestart Cluster restart csf and lfd
csf -w –watch ip Log SYN packets for an IP across iptables chains
csf -m –mail [addr} Display Server Check in HTML or email to [addr] if present
csf -lr –logrun Initiate Log Scanner report via lfd
csf -c –check Check for updates to csf but do not upgrade
csf -uf Force an update of csf
csf -x –disable Disable csf and lfd
csf -e –enable Enable csf and lfd if previously disabled

Whitelisting IP Address / Subnet

In order to prevent specific IP from being blocked, even for a temporary deny, you need to list their IP address in the csf.allow file. For example:

###############################################################################
# Copyright 2006-2016, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
# The following IP addresses will be allowed through iptables.
# One IP address per line.
# CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24).
# Only list IP addresses, not domain names (they will be ignored)
#
# Advanced port+ip filtering allowed with the following format
# tcp/udp|in/out|s/d=port|s/d=ip
# See readme.txt for more information
#
# Note: IP addressess listed in this file will NOT be ignored by lfd, so they
# can still be blocked. If you do not want lfd to block an IP address you must
# add it to csf.ignore
77.88.99.0/21 # Manually allowed - Mon Apr 03 21:24:45 2016
66.55.44.0/20 # Manually allowed - Mon Jun 16 21:24:45 2014
44.33.22.11/32 # Home IP
11.22.33.44/24 # Local ISP

Save file and restart csf and lfd.

Check Also

Limiting access to specific ports by country in CSF - blackMORE Ops - 1

Limiting access to specific ports by country in CSF

If you have a dedicated server or a VPS, chances are you are the only …

2 comments

  1. Hi, i just want to ask permission if it would be okay to print your cheat sheet for our reference? It would be a great help to us. Thanks.

Use WordPress.com, Twitter, Facebook, or Google+ accounts to comment (anonymous comments allowed)

This site uses Akismet to reduce spam. Learn how your comment data is processed.