CSF(Config Server Firewall):-
CSF(Config Server Firewall) is a Firewall application which is mostly use by Linux server. It provide various options to control and manage Linux server Firewall through commandline and control panel. CSF configures linux server firewall to manage access to FTP, Email, Websites, control panel, ports, etc. from public access.
CSF also provide a service called LFD(Login Failure Daemon) which blocks the IP's from which excessive login failures are seen and seems like brute force attack. LFD monitors and blocks the IP addresses from which there is large amount of login failures.
How to install CSF ?
We have already discussed and described Installation of CSF on Linux Server.
After installation you have to disable the TESTING mode to work the CSF properly on your server.
You can change it from the configuration file itself.
[root@server #] vim /etc/csf/csf.conf
Then change the value of 'TESTING' from 1 to 0
Some useful CSF commands:-
1. To Enable csf and lfd if previously disabled:-
----
csf -e
Or
csf --enable
----
2. To Disable csf and lfd completely:-
----
csf -x
Or
csf --disable
----
3. To Restart firewall rules:-
----
csf -r
Or
csf --restart
----
4. To Start the firewall rules:-
----
csf -s
Or
csf --start
----
5. To Flush/Stop firewall rules (Note: lfd may restart csf):-
----
csf -f
Or
csf --stop
----
6. To List/Show the IPv4 iptables configuration:-
----
csf -l
Or
csf --status
----
7. To List/Show the IPv6 ip6tables configuration:-
----
csf -l6
Or
csf --status6
----
8. To Allow an IP and add to /etc/csf/csf.allow:-
----
csf -a ip [comment]
Or
csf --add ip [comment]
----
[root@hoststud ~]# csf -a 67.1xx.xx1.21 [Hoststud server]
Adding 67.1xx.xx1.21 to csf.allow and iptables ACCEPT...
ACCEPT all opt -- in !lo out * 67.1xx.xx1.21 -> 0.0.0.0/0
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 67.1xx.xx1.21
67.1xx.xx1.21 – is the IP address and ‘Hoststud server’ inside the square bracket is the comment. You can check the /etc/csf/csf.allow file for more details:
[root@hoststud ~]# grep 67.1xx.xx1.21 /etc/csf/csf.allow
------
67.1xx.xx1.21 # [Hoststud server] - Thu Dec 19 23:16:27 2013
------
9. To Remove an IP from /etc/csf/csf.allow and delete rule:-
----
csf -ar
Or
csf --addrm ip
----
10. To Deny an IP and add to /etc/csf/csf.deny:-
----
csf -d
Or
csf --deny ip [comment]
----
11. To Unblock an IP and remove from /etc/csf/csf.deny:-
----
csf -dr
Or
csf --denyrm ip
----
12. To Remove and unblock all entries in /etc/csf/csf.deny:-
----
csf -df
Or
csf --denyf
----
13. To Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number):-
----
csf -g
Or
csf --grep ip
----
Example:
[root@hoststud ~]# csf -g 67.1xx.xx1.21
Chain num pkts bytes target prot opt in out source destination
ALLOWIN 1 0 0 ACCEPT all -- !lo * 67.1xx.xx1.21 0.0.0.0/0
ALLOWOUT 1 0 0 ACCEPT all -- * !lo 0.0.0.0/0 67.1xx.xx1.21
Temporary allow or deny of IP:
The following csf commands are using to allow or deny an IP address temporary from our server.
14. To displays the current list of temporary allow and deny IP entries with their TTL and comment:-
----
csf -t
Or
csf --temp
----
15. To Add an IP to the temp IP allow list (default:inout):-
----
csf -ta ip ttl [-p port] [-d direction] [comment]
Or
csf --tempallow ip ttl [-p port] [-d direction] [comment]
----
Where ttl is the time to live in seconds(Default value: 3600)
Example:
[root@server ~]# csf -ta 67.1xx.xx1.21
ACCEPT all opt -- in !lo out * 67.1xx.xx1.21 -> 0.0.0.0/0
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 67.1xx.xx1.21
csf: 67.1xx.xx1.21 allowed on port * for 3600 seconds in and outbound
16. To Add an IP to the temp IP ban list.
----
csf -td ip ttl [-p port] [-d direction] [comment]
Or
csf --tempdeny ip ttl [-p port] [-d direction] [comment]
----
Example:
[root@server ~]# csf -td 67.1xx.xx1.21
DROP all opt -- in !lo out * 67.1xx.xx1.21 -> 0.0.0.0/0
csf: 67.1xx.xx1.21 blocked on port * for 3600 seconds inbound
17. To Remove an IP from the temporary IP ban or allow list:-
----
csf -tr
Or
csf --temprm ip
----
18. To Flush all IPs from the temporary IP entries:-
----
csf -tf
Or
csf --tempf
----
19. Some General commands:-
----
csf -v Or csf --version : Show csf version
csf -c Or csf --check : Check for updates to csf but do not upgrade
csf -u Or csf --update : Check for updates to csf and upgrade if available
csf -h Or csf --help : For help
----
CSF(Config Server Firewall) is a Firewall application which is mostly use by Linux server. It provide various options to control and manage Linux server Firewall through commandline and control panel. CSF configures linux server firewall to manage access to FTP, Email, Websites, control panel, ports, etc. from public access.
CSF also provide a service called LFD(Login Failure Daemon) which blocks the IP's from which excessive login failures are seen and seems like brute force attack. LFD monitors and blocks the IP addresses from which there is large amount of login failures.
How to install CSF ?
We have already discussed and described Installation of CSF on Linux Server.
After installation you have to disable the TESTING mode to work the CSF properly on your server.
You can change it from the configuration file itself.
[root@server #] vim /etc/csf/csf.conf
Then change the value of 'TESTING' from 1 to 0
Some useful CSF commands:-
1. To Enable csf and lfd if previously disabled:-
----
csf -e
Or
csf --enable
----
2. To Disable csf and lfd completely:-
----
csf -x
Or
csf --disable
----
3. To Restart firewall rules:-
----
csf -r
Or
csf --restart
----
4. To Start the firewall rules:-
----
csf -s
Or
csf --start
----
5. To Flush/Stop firewall rules (Note: lfd may restart csf):-
----
csf -f
Or
csf --stop
----
6. To List/Show the IPv4 iptables configuration:-
----
csf -l
Or
csf --status
----
7. To List/Show the IPv6 ip6tables configuration:-
----
csf -l6
Or
csf --status6
----
8. To Allow an IP and add to /etc/csf/csf.allow:-
----
csf -a ip [comment]
Or
csf --add ip [comment]
----
[root@hoststud ~]# csf -a 67.1xx.xx1.21 [Hoststud server]
Adding 67.1xx.xx1.21 to csf.allow and iptables ACCEPT...
ACCEPT all opt -- in !lo out * 67.1xx.xx1.21 -> 0.0.0.0/0
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 67.1xx.xx1.21
67.1xx.xx1.21 – is the IP address and ‘Hoststud server’ inside the square bracket is the comment. You can check the /etc/csf/csf.allow file for more details:
[root@hoststud ~]# grep 67.1xx.xx1.21 /etc/csf/csf.allow
------
67.1xx.xx1.21 # [Hoststud server] - Thu Dec 19 23:16:27 2013
------
9. To Remove an IP from /etc/csf/csf.allow and delete rule:-
----
csf -ar
Or
csf --addrm ip
----
10. To Deny an IP and add to /etc/csf/csf.deny:-
----
csf -d
Or
csf --deny ip [comment]
----
11. To Unblock an IP and remove from /etc/csf/csf.deny:-
----
csf -dr
Or
csf --denyrm ip
----
12. To Remove and unblock all entries in /etc/csf/csf.deny:-
----
csf -df
Or
csf --denyf
----
13. To Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number):-
----
csf -g
Or
csf --grep ip
----
Example:
[root@hoststud ~]# csf -g 67.1xx.xx1.21
Chain num pkts bytes target prot opt in out source destination
ALLOWIN 1 0 0 ACCEPT all -- !lo * 67.1xx.xx1.21 0.0.0.0/0
ALLOWOUT 1 0 0 ACCEPT all -- * !lo 0.0.0.0/0 67.1xx.xx1.21
Temporary allow or deny of IP:
The following csf commands are using to allow or deny an IP address temporary from our server.
14. To displays the current list of temporary allow and deny IP entries with their TTL and comment:-
----
csf -t
Or
csf --temp
----
15. To Add an IP to the temp IP allow list (default:inout):-
----
csf -ta ip ttl [-p port] [-d direction] [comment]
Or
csf --tempallow ip ttl [-p port] [-d direction] [comment]
----
Where ttl is the time to live in seconds(Default value: 3600)
Example:
[root@server ~]# csf -ta 67.1xx.xx1.21
ACCEPT all opt -- in !lo out * 67.1xx.xx1.21 -> 0.0.0.0/0
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 67.1xx.xx1.21
csf: 67.1xx.xx1.21 allowed on port * for 3600 seconds in and outbound
16. To Add an IP to the temp IP ban list.
----
csf -td ip ttl [-p port] [-d direction] [comment]
Or
csf --tempdeny ip ttl [-p port] [-d direction] [comment]
----
Example:
[root@server ~]# csf -td 67.1xx.xx1.21
DROP all opt -- in !lo out * 67.1xx.xx1.21 -> 0.0.0.0/0
csf: 67.1xx.xx1.21 blocked on port * for 3600 seconds inbound
17. To Remove an IP from the temporary IP ban or allow list:-
----
csf -tr
Or
csf --temprm ip
----
18. To Flush all IPs from the temporary IP entries:-
----
csf -tf
Or
csf --tempf
----
19. Some General commands:-
----
csf -v Or csf --version : Show csf version
csf -c Or csf --check : Check for updates to csf but do not upgrade
csf -u Or csf --update : Check for updates to csf and upgrade if available
csf -h Or csf --help : For help
----