How to Manage ConfigServer Firewall (CSF) Using SSH Command Line

How to Manage ConfigServer Firewall (CSF) Using SSH Command Line

The standard Linux firewall is called iptables, whilst it is extremely powerful and offers the ability to customise the rules to improve the overall security of your server, it is often seen as being extremely complex to manage.

ConfigServer Firewall, also known as CSF, is an advanced firewall configuration script for Linux which enables you to manage the configuration of iptables all from within its easy to use intuitive GUI for managing the firewall settings giving improved security of your Linux server.

In this guide, we will show you essential commands detailing how to manage your individual and cluster ConfigServer Firewall (CSF) servers using the SSH command line. The ConfigServer team have enabled all CSF functionality to be managed easily through the command line which many find easier. We have presented the commands in a cheat sheet format, meaning we will show you the CSF command, describe what it does and show you an example.

CSF Commands

CommandDescriptionExample
csf -hShow the help message[root@vpsb ~]# csf -h
csf -vShow CSF version[root@vpsb ~]# csf -v
csf -cCheck for updates to csf but do not upgrade[root@vpsb ~]# csf -c
csf -uCheck for updates to csf nd upgrade if available[root@vpsb ~]# csf -u
csf -eEnable CSF[root@vpsb ~]# csf -e
csf -xDisable CSF[root@vpsb ~]# csf -x
csf -rRestart CSF Firewall[root@vpsb ~]# csf -r
csf -fFlush/Stop firewall rules (note: lfd may restart csf)[root@vpsb ~]# csf -f
csf -raRestart CSF & LFD Firewall[root@vpsb ~]# csf -ra
csf -a [IP] [Comment]Allow an IP and add to /etc/csf/csf.allow[root@vpsb ~]# csf -a 192.168.0.1 Home IP
csf -ar [IP]Remove an IP from /etc/csf/csf.allow[root@vpsb ~]# csf -ar 192.168.0.1 Home IP
csf -td [IP] 86400 [Comment]Place an IP on the temporary deny list in /csf/csf.tempban for 24 hours, (defined in seconds)[root@vpsb ~]# csf -td 192.168.0.1 86400 Port Scan
csf -tr [IP]Remove an IP from the temporary IP ban or allow list.[root@vpsb ~]# csf -tr 192.168.0.1
csf -tfFlush all IPs from the temporary IP entries[root@vpsb ~]# csf -tf
csf -d [IP] [Comment]Deny an IP and add to /etc/csf/csf.deny[root@vpsb ~]# csf -d 192.168.0.1 Block This IP
csf -dr [IP]Unblock an IP and remove from /etc/csf/csf.deny[root@vpsb ~]# csf -dr 192.168.0.1
csf -dfRemove and unblock all entries in /etc/csf/csf.deny[root@vpsb ~]# csf -df
csf -g [IP]Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number)[root@vpsb ~]# csf -g 192.168.0.1
csf -tDisplays the current list of temporary allow and deny IP entries with their TTL and comments[root@vpsb ~]# csf -t

 

CSF Cluster Commands

CommandDescriptionExample
csf -cpPING all members in an lfd Cluster[root@vpsb ~]# csf -cp
csf -cd [IP] [Comment]Deny an IP in a Cluster and add to /etc/csf.deny[root@vpsb ~]# csf -cd 192.168.0.1 Ban This IP
csf -ctd [IP] [Comment]Add an IP in a Cluster to the temp IP ban list (default:in)[root@vpsb ~]# csf -ctd 192.168.0.1 Temp Ban This IP
csf -ca [IP] [Comment]Allow an IP in a Cluster and add to /etc/csf.allow[root@vpsb ~]# csf -ca 192.168.0.1 Home IP
csf -cta [IP]Add an IP in a Cluster to the temp IP allow list (default:in)[root@vpsb ~]# csf -cta 192.168.0.1
csf -cr [IP]Unblock an IP in a Cluster and remove from /etc/csf.deny[root@vpsb ~]# csf -cr 192.168.0.1
csf -car [IP]Remove allowed IP in a Cluster and remove from each remote /etc/csf/csf.allow and temporary list[root@vpsb ~]# csf -car 192.168.0.1
csf -cc [Name] [Value]Change configuration option [name] to [value] in a Cluster[root@vpsb ~]# csf -cc TESTING 0
csf -cf [File]Send allow file to Cluster (/etc/csf/csf.allow)[root@vpsb ~]# csf -cf /etc/csf/csf.allow
csf -cf [File]Send deny file to Cluster (/etc/csf/csf.deny)[root@vpsb ~]# csf -cf /etc/csf/csf.deny
csf -crsCluster restart csf and lfd[root@vpsb ~]# csf -crs
csf -cg [IP] [Comment]Requests the –grep output for IP from each member in an lfd
# Cluster
[root@vpsb ~]# csf -cg 192.168.0.1 Home IP

That’s it. You have now successfully learnt the essential commands on how to control your individual and cluster ConfigServer Firewall (CSF) servers using the SSH command line.

VPSBasics

VPSBasics

This guide was written by the VPS Basics editorial team, led by Gilberto Van Roosen. They are a unique blend of people who are dedicated to providing highly detailed, comprehensive and easy to follow tutorials, written in plain English. They specialise in tutorials for managing Linux servers, its software and WordPress.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.