CSF
csf -a x.x.x.x : allow an IP and add it to /etc/csf/csf.allow
csf -ar x.x.x.x : remove an IP from /etc/csf/csf.allow and delete its rule
csf -d x.x.x.x : deny an IP and add it to /etc/csf/csf.deny
csf -dr x.x.x.x : unblock an IP and remove it from /etc/csf/csf.deny
csf -g x.x.x.x : search the rule lists and show the rule that matches the IP
csf -tr x.x.x.x : remove the IP from the temporary ban list
csf -x : disable csf and lfd
csf -e : enable csf and lfd if disabled
csf -r : restart csf
CSF config files
- /etc/csf/csf.conf : csf config file
- /etc/csf/csf.allow : csf allow file
- /etc/csf/csf.deny : csf deny file
- /etc/csf/csf.ignore : ignore list file (IPs that lfd should ignore and not block)
- /etc/csf/csf.tempban : lists the IPs currently under temporary ban
To block an entire range of IPs from a country
Open the CSF config file, find the line "CC_DENY" and add the corresponding country code.
For example, to block IPs from China, add the country code 'CN'.
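Editing csf.conf by hand works, but a small helper that rewrites exactly one KEY = "value" line (and leaves everything else untouched) is safer when the change is scripted. The block below is an added example, not part of the original cheat sheet or of CSF itself; it works on a constructed temporary file rather than the real /etc/csf/csf.conf, and the function and key names are the example's own. After changing the real file, csf -r is still needed for the setting to take effect.

```shell
#!/bin/sh
# Added example (not CSF's own code): update a KEY = "value" line in a
# csf.conf-style file. csf.conf keeps settings as   KEY = "value"   one per
# line, so the helper matches on the key at line start and rewrites only
# that line; if the key is missing it is appended instead.

# set_csf_key FILE KEY VALUE
set_csf_key() {
    file=$1; key=$2; value=$3
    if grep -q "^${key} = " "$file"; then
        # write to a temp file and move it back: portable across sed
        # variants (GNU/BSD) that disagree on the -i flag
        sed "s|^${key} = .*|${key} = \"${value}\"|" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        printf '%s = "%s"\n' "$key" "$value" >> "$file"
    fi
}

# get_csf_key FILE KEY : prints the value without the surrounding quotes
get_csf_key() {
    sed -n "s|^$2 = \"\(.*\)\"|\1|p" "$1"
}

# demo_cc_deny : runs the CC_DENY change from the cheat sheet against a
# constructed sample config (NOT the real /etc/csf/csf.conf) and prints
# the resulting value.
demo_cc_deny() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# constructed sample csf.conf fragment
TESTING = "0"
CC_DENY = ""
CC_ALLOW = ""
EOF
    set_csf_key "$tmp" CC_DENY "CN"
    get_csf_key "$tmp" CC_DENY
    rm -f "$tmp"
}
```

Usage on a real system would be `set_csf_key /etc/csf/csf.conf CC_DENY CN` followed by `csf -r`; CC_DENY accepts several codes separated by commas (for example "CN,RU"), which the same helper handles unchanged.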
IPTABLES
service iptables status : display the status of the firewall
iptables -F : flush all rules
iptables -L INPUT -n : list the rules of the INPUT chain (numeric addresses and ports)
iptables -I INPUT -s x.x.x.x -j DROP : block a single IP address
iptables -D INPUT -s x.x.x.x -j DROP : delete the rule for that IP
iptables -A INPUT -s x.x.x.x -j ACCEPT : allow all traffic from the IP address
iptables -A INPUT -p tcp --dport 3306 -j DROP : block a port from all IPs
iptables -A INPUT -p tcp -s x.x.x.x --dport 3306 -j ACCEPT : allow a port from a single IP
iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP : block traffic from a MAC address
Difference between DROP and REJECT : REJECT works like DROP, but also returns an error message to the host that sent the packet, telling it the packet was blocked
iptables-save > /root/rule.file : save the iptables rules to an external file
iptables-restore < /root/rule.file : restore the rules from that file
iptables -L INPUT --line-numbers : list the rules of the chain INPUT along with their rule numbers
iptables -D INPUT 1 : delete rule 1 in the chain INPUT
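Two things bite people who script the commands above: a typo in the address produces an iptables error (or, worse, a rule that matches nothing), and running `iptables -A`/`-I` repeatedly stacks identical rules so that one `-D` no longer clears the block. The block below is an added example, not part of the original cheat sheet: a POSIX sh helper that validates an IPv4 address, builds the DROP rule, and only inserts it when `iptables -C` reports the rule is not already present. The function names are the example's own; `block_ip` and `list_input` need root and a real iptables, while `valid_ipv4` and `block_rule` run anywhere.

```shell
#!/bin/sh
# Added example (not from the cheat sheet): safe wrappers around the
# iptables one-liners above.

# valid_ipv4 ADDR : exit 0 if ADDR is a dotted-quad IPv4 address
# (four decimal octets, each 0-255), else exit 1.
valid_ipv4() {
    addr=$1
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digits, empty fields
    esac
    # split on dots; there must be exactly four octets
    set -- $(printf '%s\n' "$addr" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_rule ADDR : print the command block_ip would run (a dry run).
# -I puts the rule at the top of INPUT so an earlier broad ACCEPT
# cannot shadow it.
block_rule() {
    printf 'iptables -I INPUT -s %s -j DROP\n' "$1"
}

# block_ip ADDR : validate, then insert the DROP rule only if an identical
# rule is not already in INPUT. iptables -C returns 0 when the rule exists,
# so repeated calls stay idempotent and a single -D removes the block.
block_ip() {
    if ! valid_ipv4 "$1"; then
        echo "block_ip: '$1' is not a valid IPv4 address" >&2
        return 2
    fi
    if iptables -C INPUT -s "$1" -j DROP 2>/dev/null; then
        echo "rule for $1 already present"
        return 0
    fi
    iptables -I INPUT -s "$1" -j DROP && echo "blocked $1"
}

# list_input : numbered view of INPUT for use with iptables -D INPUT <n>.
# Rule numbers shift after every delete, so re-list before the next -D.
list_input() {
    iptables -L INPUT -n --line-numbers
}
```

The validation is deliberately IPv4-only; CIDR ranges (x.x.x.x/24) and IPv6 (ip6tables) would need their own checks. Rules added this way are still lost on reboot unless saved with `iptables-save` as shown above.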