CSF CLI (Command Line Interface) Cheat Sheet

Useful CSF SSH Command Line Commands in a “cheat sheet” format.




csf -s    Start the firewall rules
root@server[~]#csf -s

csf -f    Flush/Stop firewall rules (note: lfd may restart csf)
root@server[~]#csf -f

csf -r    Restart the firewall rules
root@server[~]#csf -r

csf -a [IP.add.re.ss] [comment]    Allow an IP (allow access to all ports) and add to /etc/csf/csf.allow
root@server[~]#csf -a Home IP Address

csf -tr [IP.add.re.ss]    Remove an IP from the temporary IP ban or allow list.
root@server[~]#csf -tr

csf -tf    Flush all IPs from the temporary IP entries
root@server[~]#csf -tf

csf -d [IP.add.re.ss] [comment]    Deny an IP and add to /etc/csf/csf.deny
root@server[~]#csf -d Blocked This Guy

csf -dr [IP.add.re.ss]    Unblock an IP and remove from /etc/csf/csf.deny
root@server[~]#csf -dr

csf -df    Remove and unblock all entries in /etc/csf/csf.deny
root@server[~]#csf -df

csf -g [IP.add.re.ss]    Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number)
root@server[~]#csf -g

csf -t    Displays the current list of temporary allow and deny IP entries with their TTL and comment
root@server[~]#csf -t

Configuration location is in the folder /etc/csf/

Main configuration file: /etc/csf/csf.conf

EXTRA Command line

Enable CSF Firewall

csf -e

Disable CSF Firewall

csf -x

Restart CSF/LFD Firewall (iptables rules and LFD service)

csf -ra

Restart LFD only

service lfd restart

Check blocked IP reason (replace IP with the IP address)

csf -g IP
grep "IP" /var/log/lfd.log
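
The grep above reads the dots in the address as regex wildcards and also matches longer addresses that contain it, so the reason shown can belong to a different IP. The following is an added example, not part of the original cheat sheet, that does an exact lookup; the helper names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-match lookup of an IPv4 address in an lfd-style log.
# is_ipv4, lfd_hits and sample_log are hypothetical helper names.

# Succeed only for a dotted quad with four octets in the range 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the lines of log file $2 that mention exactly address $1.
# -F takes the dots literally; -w rejects a hit inside a longer number,
# so 10.0.0.4 does not also return 10.0.0.40 or 110.0.0.4.
lfd_hits() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 2; }
    grep -wF -- "$1" "$2"
}

# Constructed sample lines; the layout is an assumption, not real lfd output.
sample_log() {
    cat <<'EOF'
Jan 10 03:12:44 server lfd[2101]: (sshd) Failed SSH login from 10.0.0.4: 5 in the last 3600 secs - *Blocked in csf*
Jan 10 03:15:02 server lfd[2101]: (sshd) Failed SSH login from 10.0.0.40: 5 in the last 3600 secs - *Blocked in csf*
Jan 10 04:01:19 server lfd[2101]: (ftpd) Failed FTP login from 110.0.0.4: 5 in the last 3600 secs - *Blocked in csf*
EOF
}

# Demo: the plain grep from the cheat sheet hits all three lines, lfd_hits one.
demo_log=$(mktemp)
sample_log > "$demo_log"
echo "grep \"10.0.0.4\": $(grep -c "10.0.0.4" "$demo_log") lines"
echo "lfd_hits 10.0.0.4: $(lfd_hits 10.0.0.4 "$demo_log" | grep -c .) lines"
rm -f "$demo_log"
```

On a server, pass /var/log/lfd.log as the second argument to lfd_hits.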

Block IP (temporarily for 24 hours, define in seconds)

csf -td IP 86400

Whitelist IP (allow access to all ports)

csf -a IP

Whitelist IP range /24 (allow access to all ports)

csf -a

Whitelist (temporarily) IP range /24 for 24 hours (allow access to all ports, define in seconds)

csf -ta 86400

Remove all temporary IP blocks

csf -tf

