How to Configure CSF on Linux

As we have already discuss how to Install CSF on a server, in this tutorial we are going to discuss how to configure CSF on a Linux Dedicated server.

AFter installing CSF on a server, a CSF firewall is fully ready to protect your server from dangerous assaults, but still you require to set extra rules and configure it so will will function properly to support you.

At this point you know why it is mentioned as Config-server Firewall because it still relied upon your requirements to configure to work properly.

Allow & Deny IP in Config-server Firewall:

In the event that you have to permit or deny IP address using CLI, these decisions according to the accompanying are generally utilized:

Rundown out every single connected lead are given in CSF by utilizing this,

     $ sudo csf -l

To enable CSF & LFD,

     $ sudo csf -e

You will see this message at the end,

Starting lfd: Done

csf and lfd have been enabled

Stop CSF Firewall Service,

     $ sudo csf -x

CSF is stopped, no worries utilize this

     $ sudo csf -s

Use the following command for restart

     $ sudo csf -r

To put your IP address to a lasting enable list in csf.allow:

     $ sudo csf -a

Remove from allow list

       $ sudo csf -ar

Put an IP into deny in csf.deny:

     $ sudo csf -d

Remove from Deny list,

     $ sudo csf -dr

On the off chance that you need to whitelist an IP, The given value in csf.conf of IGNORE_ALLOW will appear as "0" and on the off chance that you need to transform it to "1" and reboot administration of CSF on your Linux Dedicated server.

     $ sudo csf -i

Find your input pattern which an organize on IP-tables e.g: IP, Port and etc.

     $ sudo csf -g

Remove or flush blocked list

     $ sudo csf -f

Update CSF to the most recent version,

     $ sudo csf -u

csf is already at the most recent version: v9.28

All right, now we have learned how to enable or disable IP’s although what about ports?

Because of several choices in csf.conf we are simply beginning here.

Yet, don't stress we will direct you through the most straightforward route conceivable to configure CSF firewall.

In csf.conf file list of ports specified in TCP IPv4 as well as IPv6 but at present we will set this for IPv4 because many of us are well-know to handle it.

Additionally, it's critical to know which ports are opened or shut reason it'll influence your task on a server in your Linux Dedicated server hosting account.

# Allow incoming TCP ports

TCP_IN = "10,11,12,15,53,80,110,473,963,741,587,789,123"


# Allow outgoing TCP ports

TCP_OUT = "10,11,12,15,53,80,110,473,963,741,587,789,123"


# Allow incoming UDP ports

UDP_IN = "10,11,12"


# Allow outgoing UDP ports

# To allow outgoing traceroute add 33434:33523 to this   


UDP_OUT = "10,11,12,15,53,80"


The ports given above TCP and UDP are enabled a web server on your Linux Dedicated server to impart utilizing default ports.

At the point when a server begins an administration that administration characterizes a port of correspondence and that is a passage to impart to outside world and for approaching movement.

You can verify at present on your system which administrations utilizing which particular ports for correspondence,

      $ sudo csf -p


Ports tuning in for outer connections and the executables running behind them:

Port/Proto Open Conn  PID/User     Command Line                            Executable

22/tcp     4/6  2     (736/root)           /usr/sbin/sshd -D                       /usr/sbin/sshd

80/tcp     4/6  -     (876/root)           /usr/sbin/apache2 -k start              /usr/sbin/apache2

80/tcp     4/6  -     (878/www-data)       /usr/sbin/apache2 -k start              /usr/sbin/apache2

80/tcp     4/6  -     (879/www-data)       /usr/sbin/apache2 -k start              /usr/sbin/apache2

8009/tcp   -/- -     (704/tomcat)         /usr/lib/jvm/java-8-oracle/jre/bin/j... /usr/lib/jvm/java-8-oracle/jre/bin/java

8080/tcp   -/- -     (704/tomcat)         /usr/lib/jvm/java-8-oracle/jre/bin/j... /usr/lib/jvm/java-8-oracle/jre/bin/java

You can set your custom ports on this arrangement underneath list indicates you default benefit ports which are broadly utilized as a part of association services,

Here are some widely recognized service ports,

21 : FTP

22 : SSH

23 : Telnet

25 : SMTP Mail Transfer

43 : WHOIS service

53 : NameServer (DNS)

80 : HTTP (Default Web Server)

110 : POP protocol (Email Service)

443 : HTTP Secure (SSL for HTTPS )

995 : POP over SSL/TLS

9999 : Urchin

3306 : MysQL Server

2082 : cPANEL Default

2083 : cPANEL - (Secure / SSL)

2086 : cPANEL  WHM

2087 : cPANEL  WHM - (Secure / SSL)

2095 : cpanel webmail

2096 : cpanel webmail - (Secure / SSL)

Plesk Control Panel : 8443

Direct Admin Control Panel: 2222

Webmin Control Panel : 10000