Use of CSF Firewall in Linux


The idea behind the CSF firewall, as with most iptables firewall configurations, is to block everything and then allow through only those connections that you need. In iptables this is done by dropping all incoming and outgoing connections on all protocols, then allowing traffic in and out for existing (established) connections, and finally opening the individual incoming and outgoing ports you need for TCP and UDP separately.
CSF Firewall

See Also:

  • Install CSF (ConfigServer Firewall) Firewall on Linux
  • Block Countries using CSF Firewall On Linux
  • CSF Configuration Files in Linux
  • Email Alert Setup for CSF

    Open Ports

    To open ports with the CSF firewall, edit the following file:

    # vim /etc/csf/csf.conf
    

    and add the port you want to open to the appropriate list:

    # Allow incoming TCP ports
    TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,10000"
    
    # Allow outgoing TCP ports
    TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995,10000"
    
    # Allow incoming UDP ports
    UDP_IN = "20,21,53"
    
    # Allow outgoing UDP ports
    # To allow outgoing traceroute add 33434:33523 to this list
    UDP_OUT = "20,21,53,113,123"
    

    Close Ports

    Closing a port is as simple as removing it from the relevant list in the configuration file and restarting the firewall.

    # vim /etc/csf/csf.conf
    
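    As an added example (not from the original post), a small POSIX shell script that reads the TCP_IN and UDP_OUT lists from a csf.conf, answers whether a given port is allowed, and removes a port from a list, which is the "close ports" edit described above. The function names, the temporary file path and the sample csf.conf content are constructed for this demonstration; CSF itself is not invoked.

```shell
#!/bin/sh
# Added example (not from the original post): read the port lists in a
# csf.conf file, answer whether a port is allowed, and remove a port from a
# list (the "close ports" step). Understands single ports and CSF's
# "low:high" ranges. Runs against a constructed sample file so it works
# offline; point CONF at /etc/csf/csf.conf and run "csf -r" afterwards.
set -eu

# csf_port_list CONF KEY -> prints the quoted value of KEY (e.g. TCP_IN)
csf_port_list() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# csf_port_allowed CONF KEY PORT -> exit 0 if PORT is in KEY's list
csf_port_allowed() {
    list=$(csf_port_list "$1" "$2"); port=$3; found=1
    old_ifs=$IFS; IFS=,
    for item in $list; do
        case $item in
            *:*) [ "$port" -ge "${item%%:*}" ] && [ "$port" -le "${item##*:}" ] && found=0 ;;
            *)   [ "$item" = "$port" ] && found=0 ;;
        esac
    done
    IFS=$old_ifs
    return $found
}

# csf_remove_port CONF KEY PORT -> rewrite CONF with PORT dropped from KEY's list
csf_remove_port() {
    new=$(csf_port_list "$1" "$2" | tr ',' '\n' | grep -vx "$3" | paste -sd, -)
    sed -i "s/^\([[:space:]]*$2[[:space:]]*=[[:space:]]*\)\"[^\"]*\"/\1\"$new\"/" "$1"
}

# Constructed sample csf.conf fragment (values mirror the post's example)
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,10000"
# Allow outgoing UDP ports
UDP_OUT = "20,21,53,113,123,33434:33523"
EOF
```

    After editing the real file the change only takes effect once CSF is restarted with csf -r.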

    CSF Firewall Principle

    One of the most basic features of a firewall is the ability to block and allow specific IP addresses. With CSF you can also ignore IP addresses, so that lfd never blocks them.

    Block IP addresses
    To block an IP address or a range of IP addresses, follow the steps below.

    # vim /etc/csf/csf.deny
    
    # The following IP addresses will be blocked in iptables
    # One IP address per line
    # CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24)
    # Only list IP addresses, not domain names (they will be ignored)
    #
    # Note: If you add the text "do not delete" to the comments of an entry then
    # DENY_IP_LIMIT will ignore those entries and not remove them
    #
    # Advanced port+ip filtering allowed with the following format
    # tcp/udp|in/out|s/d=port|s/d=ip
    #
    # See readme.txt for more information regarding advanced port filtering
    #
    104.238.189.37             # block an individual IP address
    222.186.21.196             # block an individual IP address
    192.168.10.0/255.255.255.0 # block a range of IP addresses
    

    You can also block an IP address with the following command:

    # csf -d IP_Address
    Or
    # csf --deny IP_Address
    

    Remove an IP from the blocklist

    # csf -dr IP_Address
    

    Allow IP addresses
    To allow an IP address or a range of IP addresses, follow the steps below.

    # vim /etc/csf/csf.allow
    
    # The following IP addresses will be allowed through iptables.
    # One IP address per line.
    # CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24).
    # Only list IP addresses, not domain names (they will be ignored)
    #
    # Advanced port+ip filtering allowed with the following format
    # tcp/udp|in/out|s/d=port|s/d=ip
    # See readme.txt for more information
    #
    # Note: IP addressess listed in this file will NOT be ignored by lfd, so they
    # can still be blocked. If you do not want lfd to block an IP address you must
    # add it to csf.ignore
    192.168.3.250              # allow an individual IP address
    192.168.5.0/255.255.255.0  # allow a range of IP addresses
    

    You can also allow an IP address with the following command:

    # csf -a IP_Address
    Or
    # csf --allow IP_Address
    

    Ignore IP addresses
    CSF can also exclude IP addresses from lfd's checks, so that lfd never blocks them.

    # vim /etc/csf/csf.ignore
    
    192.168.3.250              # ignore an individual IP address
    192.168.5.0/255.255.255.0  # ignore a range of IP addresses
    

    Search IP Addresses
    Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number)

    # csf -g IP_Address
    Or
    # csf --grep IP_Address
    

    View Ports
    View ports on the server that have a running process behind them listening for external connections.

    # csf -p
    Or
    # csf --ports
    

    Disable csf and lfd
    Run the following command to disable csf and lfd completely.

    # csf -x
    Or
    # csf --disable
    

    Enable csf and lfd
    Run the following command to enable csf and lfd if they were previously disabled.

    # csf -e
    Or
    # csf --enable
    

    Mail yourself a general security check
    Display Server Check in HTML or email to [email] if present.

    # csf -m dennis.r@techoism.com
    Or
    # csf --mail dennis.r@techoism.com
    

    Restart CSF Firewall

    CSF then needs to be restarted for the changes to take effect:

    # csf -r
    Or
    # csf --restart
    

    Enjoy it!
