Comprehensive Guide to CSF (ConfigServer Security & Firewall) Commands
ConfigServer Security & Firewall (CSF) is a firewall application commonly used on Linux servers to enhance security by providing an advanced interface for managing iptables. CSF comes with a daemon, lfd (Login Failure Daemon), which helps mitigate brute-force attacks and other threats.
1. Installation & Basic Configuration
Installing CSF on Linux
Before using CSF, ensure that you have it installed on your system.
```bash
cd /usr/src
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
```
Once installed, CSF needs to be configured.
Enable CSF
CSF runs in TESTING mode by default. Before you turn testing mode off, confirm that the port you use for SSH is listed in TCP_IN, otherwise the restart can lock you out. To fully enable CSF, edit the configuration file:
```bash
nano /etc/csf/csf.conf
```
Find the following line:
```ini
TESTING = "1"
```
Change it to:
```ini
TESTING = "0"
```
Save and exit, then restart CSF:
```bash
csf -r
```
2. Basic CSF Commands
Starting, Restarting, and Stopping CSF
- Start CSF:
  ```bash
  csf -s
  ```
- Restart CSF:
  ```bash
  csf -r
  ```
- Stop CSF (this disables both csf and lfd):
  ```bash
  csf -x
  ```
- Check the CSF status:
  ```bash
  csf -l
  ```
This will show the current firewall rules applied.
3. Managing Firewall Rules
CSF allows you to easily manage IPs, ports, and services.
Allow an IP
To allow an IP through the firewall:
```bash
csf -a <IP> "Reason for allow"
```
Example:
```bash
csf -a 192.168.1.100 "Allow internal admin access"
```
Deny an IP
To block an IP:
```bash
csf -d <IP> "Reason for deny"
```
Example:
```bash
csf -d 203.0.113.5 "Blocked due to brute-force attempt"
```
Remove an IP from the Deny List
```bash
csf -dr <IP>
```
Example:
```bash
csf -dr 203.0.113.5
```
Temporary IP Block
To block an IP temporarily (e.g., for 30 minutes), pass the duration as a TTL, which CSF reads in seconds:
```bash
csf -td <IP> <Seconds> "Reason for temporary block"
```
Example (1800 seconds = 30 minutes):
```bash
csf -td 203.0.113.5 1800 "Suspected malicious activity"
```
Removing an IP from the Allow List
```bash
csf -ar <IP>
```
Example:
```bash
csf -ar 192.168.1.100
```
4. Managing Ports
CSF allows you to manage open and closed ports via its configuration file.
Manually Allow Ports
The csf -a option takes an IP address or CIDR range, not a port, so ports are opened by editing the CSF configuration file:
```bash
nano /etc/csf/csf.conf
```
Find and edit (UDP ports go in UDP_IN and UDP_OUT):
```ini
TCP_IN = "22,80,443,8080"
TCP_OUT = "22,80,443,8080"
```
Save and restart CSF:
```bash
csf -r
```
Closing a Port
To block a specific port, remove it from its port list in csf.conf (for example, take 3306 out of TCP_IN) and restart CSF. The csf -d option takes an IP address or CIDR range, not a port, so it cannot be used to close one.
5. Checking and Managing CSF Logs
CSF logs provide insights into firewall activity.
Check Currently Blocked IPs
```bash
csf -g <IP>
```
Example:
```bash
csf -g 203.0.113.5
```
This will return details about why an IP is blocked.
View CSF Logs in Real-time
```bash
tail -f /var/log/lfd.log
```
List All Temporary Blocks
```bash
csf -t
```
Flush All Temporary Blocks
```bash
csf -tf
```
6. Advanced Features
Uninstall CSF
If you need to remove CSF:
```bash
cd /etc/csf
sh uninstall.sh
```
Restart the LFD Daemon
If you need to restart the lfd (Login Failure Daemon):
```bash
systemctl restart lfd
```
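Whitelist IPs from CSF Block
If an IP keeps getting blocked, add it to the whitelist:
```bash
nano /etc/csf/csf.allow
```
Add:
```ini
192.168.1.100
```
Then restart CSF:
```bash
csf -r
```
Note that lfd can still flag an address listed in csf.allow unless IGNORE_ALLOW is enabled in csf.conf; addresses listed in /etc/csf/csf.ignore are skipped by lfd.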
7. CSF Configuration File Explained
CSF’s main configuration file is located at /etc/csf/csf.conf.
Some important settings:
- TCP_IN/TCP_OUT – Allowed inbound/outbound TCP ports.
- UDP_IN/UDP_OUT – Allowed inbound/outbound UDP ports.
- DENY_IP_LIMIT – Maximum number of blocked IPs kept in the permanent deny list (csf.deny).
- LF_TRIGGER – Defines how many login failures before an IP is blocked.
To apply changes, restart CSF:
```bash
csf -r
```
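A pre-flight check for the settings above, added here as an example (it is not part of CSF or of the original guide): it reads TESTING and TCP_IN from a csf.conf-style file and flags a configuration that is still in testing mode or that omits the SSH port, before you run csf -r. The function names and the sample configuration are constructed for illustration.

```bash
# Added example: pre-flight check of a csf.conf-style file (POSIX sh).
# Print the value of key $1 from file $2 (lines look like: KEY = "value").
csf_conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if port $1 is covered by CSF port list $2, e.g. "22,80,30000:35000".
# The body is a subshell, so the IFS and globbing changes stay local.
port_in_list() (
    IFS=,; set -f
    for item in $2; do
        case $item in
            *:*) if [ "$1" -ge "${item%%:*}" ] && [ "$1" -le "${item##*:}" ]; then exit 0; fi ;;
            "$1") exit 0 ;;
        esac
    done
    exit 1
)

# Check file $1; $2 is the port you administer the host on (default 22).
# Prints one line per finding and returns 1 if anything was flagged.
csf_preflight() {
    rc=0
    testing=$(csf_conf_get TESTING "$1")
    tcp_in=$(csf_conf_get TCP_IN "$1")
    if [ "$testing" != "0" ]; then
        echo "WARN: TESTING=\"$testing\", firewall is not fully enabled"
        rc=1
    fi
    if ! port_in_list "${2:-22}" "$tcp_in"; then
        echo "FAIL: port ${2:-22} is not in TCP_IN=\"$tcp_in\", a restart can cut off your session"
        rc=1
    fi
    return $rc
}

# Constructed sample input (not a real server's configuration).
sample_conf() {
    printf '%s\n' 'TESTING = "1"' 'TCP_IN = "80,443,8080,30000:35000"' 'TCP_OUT = "22,80,443,8080"'
}

# Demo: write the sample to a temp file and report on it.
demo() {
    tmp=$(mktemp) && sample_conf > "$tmp"
    csf_preflight "$tmp" 22; status=$?
    rm -f "$tmp"; return $status
}

demo || true
```

To check a live host, call csf_preflight /etc/csf/csf.conf with your SSH port as the second argument.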
8. Automating CSF with Cron Jobs
You can automate CSF commands by adding them to a cron job.
Example: Block an IP at specific times:
```bash
crontab -e
```
Add (cron runs with a minimal PATH, so use the full path to the csf binary):
```
0 2 * * * /usr/sbin/csf -d 203.0.113.5 "Auto block"
```
This will block the IP every day at 2 AM.
9. Conclusion
CSF is a powerful tool for managing firewall rules, blocking unwanted traffic, and securing your server. Whether you need to block IPs, allow specific ports, or monitor logs, CSF provides a robust interface for managing security