March 5, 2021 / Nirav S
Config Server Firewall (popularly known as CSF) is a free and open-source firewall application suite for most Linux distributions and Linux-based Virtual Private Servers (VPS). It provides the basic functionality of a firewall, filtering packets, while also providing additional security to your server.
To verify that the required firewall modules are available, run this command:
perl /usr/local/csf/bin/csftest.pl
Everything should be fine and you should get the following output:
nano /etc/csf/csf.conf
Certain ports are opened by default, and these ports are given below:
The services using the open ports
After changing the settings in csf.conf, save the file and restart CSF for the changes to take effect:
csf -r
Blocking IP addresses
If you would like to block an IP address or range, open csf.deny with the command below:
nano /etc/csf/csf.deny
Below is the default csf.deny file; it contains no entries.
To block a specific IP address, add it to the file:
– 196.xx.xx.xx
To block a range of IP addresses, add the IP followed by the CIDR value:
– 196.xx.xx.xx/29
Allowing IP addresses
nano /etc/csf/csf.allow
Below is the default csf.allow file; it contains no entries.
You can also allow a specific IP address or a range of IP addresses without opening the csf.allow file by running csf -a with the address or CIDR range. To remove an entry from csf.allow again, use csf -ar:
csf -a 196.x.x.x
csf -ar 196.x.x.x
Note: Allowed IP addresses are allowed even if they are explicitly blocked in a csf.deny file.
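Because an allow entry wins over a deny entry, it is worth checking which csf.deny lines no longer block anything. The script below is an added example, not part of CSF or of the original article: it assumes one plain IP or CIDR entry per line with an optional "# comment", and the sample file contents are constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample file contents (documentation ranges, not real hosts).
SAMPLE_DENY = """\
# csf.deny
192.0.2.10 # brute-force source
198.51.100.0/29
203.0.113.7
not-an-ip
"""
SAMPLE_ALLOW = """\
# csf.allow
192.0.2.0/24 # office range
203.0.113.7
"""

def parse_entries(text):
    """Return (networks, rejected_lines) for plain IP / CIDR entries."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not entry:
            continue
        try:
            # strict=False accepts a host address with a prefix (196.x.x.x/29 style)
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            # Anything that is not a bare IP/CIDR is reported, not guessed at.
            rejected.append(raw.strip())
    return networks, rejected

def shadowed_denies(deny_text, allow_text):
    """Deny entries that overlap an allow entry and so do not fully block."""
    denies, _ = parse_entries(deny_text)
    allows, _ = parse_entries(allow_text)
    hits = []
    for d in denies:
        for a in allows:
            if d.version == a.version and d.overlaps(a):
                hits.append((str(d), str(a)))
    return hits

if __name__ == "__main__":
    for deny, allow in shadowed_denies(SAMPLE_DENY, SAMPLE_ALLOW):
        print(f"deny {deny} is overridden by allow {allow}")
    print("unparsed deny lines:", parse_entries(SAMPLE_DENY)[1])
```

To audit a real server, pass the contents of /etc/csf/csf.deny and /etc/csf/csf.allow to shadowed_denies() in place of the sample strings.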