How to Manage ConfigServer Firewall (CSF) Using SSH Command Line

The standard Linux firewall is called iptables, whilst it is extremely powerful and offers the ability to customise the rules to improve the overall security of your server, it is often seen as being extremely complex to manage.

ConfigServer Firewall, also known as CSF, is an advanced firewall configuration script for Linux which enables you to manage the configuration of iptables all from within its easy to use intuitive GUI for managing the firewall settings giving improved security of your Linux server.

In this guide, we will show you essential commands detailing how to manage your individual and cluster ConfigServer Firewall (CSF) servers using the SSH command line. The ConfigServer team have enabled all CSF functionality to be managed easily through the command line which many find easier. We have presented the commands in a cheat sheet format, meaning we will show you the CSF command, describe what it does and show you an example.

CSF Commands

CSF Commands
CommandDescriptionExample
csf -hShow the help message[root@vpsb ~]# csf -h
csf -vShow CSF version[root@vpsb ~]# csf -v
csf -cCheck for updates to csf but do not upgrade[root@vpsb ~]# csf -c
csf -uCheck for updates to csf nd upgrade if available[root@vpsb ~]# csf -u
csf -eEnable CSF[root@vpsb ~]# csf -e
csf -xDisable CSF[root@vpsb ~]# csf -x
csf -rRestart CSF Firewall[root@vpsb ~]# csf -r
csf -fFlush/Stop firewall rules (note: lfd may restart csf)[root@vpsb ~]# csf -f
csf -raRestart CSF & LFD Firewall[root@vpsb ~]# csf -ra
csf -a [IP] [Comment]Allow an IP and add to /etc/csf/csf.allow[root@vpsb ~]# csf -a 192.168.0.1 Home IP
csf -ar [IP]Remove an IP from /etc/csf/csf.allow[root@vpsb ~]# csf -ar 192.168.0.1 Home IP
csf -td [IP] 86400 [Comment]Place an IP on the temporary deny list in /csf/csf.tempban for 24 hours, (defined in seconds)[root@vpsb ~]# csf -td 192.168.0.1 86400 Port Scan
csf -tr [IP]Remove an IP from the temporary IP ban or allow list.[root@vpsb ~]# csf -tr 192.168.0.1
csf -tfFlush all IPs from the temporary IP entries[root@vpsb ~]# csf -tf
csf -d [IP] [Comment]Deny an IP and add to /etc/csf/csf.deny[root@vpsb ~]# csf -d 192.168.0.1 Block This IP
csf -dr [IP]Unblock an IP and remove from /etc/csf/csf.deny[root@vpsb ~]# csf -dr 192.168.0.1
csf -dfRemove and unblock all entries in /etc/csf/csf.deny[root@vpsb ~]# csf -df
csf -g [IP]Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number)[root@vpsb ~]# csf -g 192.168.0.1
csf -tDisplays the current list of temporary allow and deny IP entries with their TTL and comments[root@vpsb ~]# csf -t

CSF Cluster Commands

CSF Cluster Commands
CommandDescriptionExample
csf -cpPING all members in an lfd Cluster[root@vpsb ~]# csf -cp
csf -cd [IP] [Comment]Deny an IP in a Cluster and add to /etc/csf.deny[root@vpsb ~]# csf -cd 192.168.0.1 Ban This IP
csf -ctd [IP] [Comment]Add an IP in a Cluster to the temp IP ban list (default:in)[root@vpsb ~]# csf -ctd 192.168.0.1 Temp Ban This IP
csf -ca [IP] [Comment]Allow an IP in a Cluster and add to /etc/csf.allow[root@vpsb ~]# csf -ca 192.168.0.1 Home IP
csf -cta [IP]Add an IP in a Cluster to the temp IP allow list (default:in)[root@vpsb ~]# csf -cta 192.168.0.1
csf -cr [IP]Unblock an IP in a Cluster and remove from /etc/csf.deny[root@vpsb ~]# csf -cr 192.168.0.1
csf -car [IP]Remove allowed IP in a Cluster and remove from each remote /etc/csf/csf.allow and temporary list[root@vpsb ~]# csf -car 192.168.0.1
csf -cc [Name] [Value]Change configuration option [name] to [value] in a Cluster[root@vpsb ~]# csf -cc TESTING 0
csf -cf [File]Send allow file to Cluster (/etc/csf/csf.allow)[root@vpsb ~]# csf -cf /etc/csf/csf.allow
csf -cf [File]Send deny file to Cluster (/etc/csf/csf.deny)[root@vpsb ~]# csf -cf /etc/csf/csf.deny
csf -crsCluster restart csf and lfd[root@vpsb ~]# csf -crs
csf -cg [IP] [Comment]Requests the –grep output for IP from each member in an lfd
# Cluster
[root@vpsb ~]# csf -cg 192.168.0.1 Home IP

That’s it. You have now successfully learnt the essential commands on how to control your individual and cluster ConfigServer Firewall (CSF) servers using the SSH command line.

How useful was this guide?

Click on a star to rate it!

Average rating / 5. Vote count:

Be the first to rate this guide.

We are sorry that this guide was not useful for you!

Help us to improve this guide!

Tell us how we can improve this guide?

By VPSBasics

This guide was written by the VPS Basics editorial team, led by Gilberto Van Roosen. They are a unique blend of people, dedicated to providing highly detailed, comprehensive and importantly easy to follow tutorials, written in plain English. They specialise in tutorials for managing Linux servers and its software.

Join the Conversation

Note: Your email address will not be published when posting a comment.

Note: All comments are held for moderation and are reviewed by our editorial team prior to approval.

VPSBasics uses Akismet anti-spam filters to reduce spam across our website. Our website is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Learn how your data is processed.