You have CSF installed and use the GUI to do most things. (If you don’t have it installed yet, you can read our article on how to install csf). BUT – knowing the csf (ConfigServer Firewall) flags will help you to quickly get things done via command line – instead of loading up the GUI every single time.
Here are some of the ones I use all the time.
csf -r (Restart CSF)
csf -d (quick deny an ip: csf -d xxx.xxx.xxx.xxx)
csf -a (quick allow / whitelist an ip: csf -a xxx.xxx.xxx.xxx)
csf -dr (unblock an ip and remove from the deny list: csf -dr xxx.xxx.xxx.xxx)
Here are all of them:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
Usage: /usr/sbin/csf [option] [value] Option Meaning -h, --help Show this message -l, --status List/Show iptables configuration -l6, --status6 List/Show ip6tables configuration -s, --start Start firewall rules -f, --stop Flush/Stop firewall rules (Note: lfd may restart csf) -r, --restart Restart firewall rules -q, --startq Quick restart (csf restarted by lfd) -sf, --startf Force CLI restart regardless of LFDSTART setting -a, --add ip Allow an IP and add to /etc/csf.allow -ar, --addrm ip Remove an IP from /etc/csf.allow and delete rule -d, --deny ip Deny an IP and add to /etc/csf.deny -dr, --denyrm ip Unblock an IP and remove from /etc/csf.deny -df, --denyf Remove and unblock all entries in /etc/csf.deny -g, --grep ip Search the iptables rules for an IP match (incl. CIDR) -t, --temp Displays the current list of temp IP entries and their TTL -tr, --temprm ip Remove an IPs from the temp IP ban and allow list -td, --tempdeny ip ttl [-p port] [-d direction] Add an IP to the temp IP ban list. ttl is how long to blocks for (default:seconds, can use one suffix of h/m/d). Optional port. Optional direction of block can be one of: in, out or inout (default:in) -ta, --tempallow ip ttl [-p port] [-d direction] Add an IP to the temp IP allow list (default:inout) -tf, --tempf Flush all IPs from the temp IP entries -cp, --cping PING all members in an lfd Cluster -cd, --cdeny ip Deny an IP in a Cluster and add to /etc/csf.deny -ca, --callow ip Allow an IP in a Cluster and add to /etc/csf.allow -cr, --crm ip Unblock an IP in a Cluster and remove from /etc/csf.deny -cc, --cconfig [name] [value] Change configuration option [name] to [value] in a Cluster -cf, --cfile [file] Send [file] in a Cluster to /etc/csf/ -crs, --crestart Cluster restart csf and lfd -w, --watch ip Log SYN packets for an IP across iptables chains -m, --mail [addr] Display Server Check in HTML or email to [addr] if present -lr, --logrun Initiate Log Scanner report via lfd -c, --check Check for updates to csf but do not upgrade -u, --update Check for updates to csf and upgrade if available -uf Force an update of csf -x, --disable Disable csf and lfd -e, --enable Enable csf and lfd if previously disabled -v, --version Show csf version |
Related posts from Linux Brigade!
Search previous commands typed If you want to see a collection of your previous commands used in Linux, you can always type ‘history’ for a listing of them. You can even search through history by grepping for the […]
LFD: Excessive resource usage If you run the CSF/LFD firewall on your server then you’ve no doubt seen the emails complaining about high resource usage for various accounts. This small tutorial will show you how to […]
Import MySQL database from command line You’ll need to import a database via command line from time to time – I’ll normally opt for this anyway. After seeing how easy it is, you’ll probably end up using the command line instead […]- Enable statistics in Configserver Firewall (CSF) I’ve noticed recently that a new install of CSF won’t have statistics enabled by default. Here’s how to enable them…
Edit your /etc/csf/csf.conf file and change:
ST_ENABLE = […]
- cPanel / CSF: Fix 500 internal server error or 404 for the CSF GUI I’ve run into this a couple times – where I’ll spin up a CentOS/cPanel machine, then run a cpupdate (/scripts/upcp) to get cpanel up to date. I’ll then go into the configserver firewall […]
Thank you for the very informative article. I’m a bit of a newbie with Linux and your articles provide valuable help and information. Just like mentioned in the article I used to load up the GUI every time but now I can do things much simpler and faster. Keep the good articles coming.
Phew, this has saved me a lot of time waiting for my GUI to load during syn_ack attack
How would you add a c class to CSF?