How to open Port for a single user in CSF?

How to open Port for a single user in CSF?

Being a server administrator you need to secure your server from incoming and outgoing threats. You have heard that most of the server have PORT restrictions and almost all ports are closed other that HTTP, SMTP and FTP, etc.
But, sometimes you need to open a PORT for your client just because he needs to listen to some API or external URL. In that case opening port for whole server is not feasible and may create vulnerabilities in your system.
The best approach here is to secure PORT globally and open for a single user only.
In this topic, we will do the same using CSF in Linux environment.

Let's take an example like we need to open outgoing PORT 5883 for user "hoststud", so that we can make outgoing request on this port.
First, of all we need to know the UID of the user for whom we are opening the port.
# id hoststud
You will get result like:
uid=2377(hoststud) gid=2380(hoststud) groups=2380(hoststud)

Then, we will add the PORT 5883 for user in CSF through below command:
# csf -a "tcp|out|d=5883|u=2377"
This will give you result like below:
Adding tcp|out|d=5883|u=2377 to csf.allow and iptables ACCEPT...
ACCEPT tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:5883owner UID match 2377


Now, you have to restart CSF & LFD to make these changes come in affect.
# systemctl restart {csf,lfd}
Done!
Author
bhawanisingh
Views
4,958
First release
Last update
Rating
0.00 star(s) 0 ratings
Top