Useful CSF SSH Command Line Commands in a “cheat sheet” format.
Command |
Description |
Example |
---|---|---|
csf -s | Start the firewall rules | root@server[~]#csf -s |
csf -f | Flush/Stop firewall rules (note: lfd may restart csf) |
root@server[~]#csf -f |
csf -r | Restart the firewall rules | root@server[~]#csf -r |
csf -a [IP.add.re.ss] [comment] | Allow an IP(allow access to all ports) and add to /etc/csf/csf.allow |
root@server[~]#csf -a 187.33.3.3 Home IP Address |
csf -tr [IP.add.re.ss] | Remove an IP from the temporary IP ban or allow list. |
root@server[~]#csf -tr 66.192.23.1 |
csf -tf | Flush all IPs from the temporary IP entries |
root@server[~]#csf -tf |
csf -d [IP.add.re.ss] [comment] | Deny an IP and add to /etc/csf/csf.deny | root@server[~]#csf -d 66.192.23.1 Blocked This Guy |
csf -dr [IP.add.re.ss] | Unblock an IP and remove from /etc/csf/csf.deny | root@server[~]#csf -dr 66.192.23.1 |
csf -df | Remove and unblock all entries in /etc/csf/csf.deny | root@server[~]#csf -df |
csf -g [IP.add.re.ss] | Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number) | root@server[~]#csf -g 66.192.23.1 |
csf -t | Displays the current list of temporary allow and deny IP entries with their TTL and comment | root@server[~]#csf -t |
Configuration location is in the folder /etc/csf/
Main configuration file: /etc/csf/csf.conf
EXTRA Command line
Enable CSF Firewall
csf -e
Disable CSF Firewall
csf -x
Restart CSF/LFD Firewall (iptables rules and LFD service)
csf -ra
Restart LFD only
service lfd restart
Check blocked IP reason (replace IP with the IP address)
csf -g IP grep "IP" /var/log/lfd.log
Block IP (temporarily for 24 hours, define in seconds)
csf -td IP 86400
Whitelist IP (allow access to all ports)
csf -a IP
Whitelist IP range /24 (allow access to all ports)
csf -a 192.168.0.0/24
Whitelist (temporarily) IP range /24 for 24 hours (allow access to all ports, define in seconds)
csf -ta 192.168.0.0/24 86400
Remove all temporary IP blocks
csf -tf
….and many others