ConfigServer (CSF) Firewall Cheatsheet

ConfigServer (CSF) Firewall Cheat Sheet:
OPTIONS

 -h, --help
 Show this message
-l, --status
 List/Show the IPv4 iptables configuration
-l6, --status6
 List/Show the IPv6 ip6tables configuration
-s, --start
 Start the firewall rules
-f, --stop
 Flush/Stop firewall rules (Note: lfd may restart csf)
-r, --restart
 Restart firewall rules
-q, --startq
 Quick restart (csf restarted by lfd)
-sf, --startf
 Force CLI restart regardless of LFDSTART setting
-a, --add ip [comment]
 Allow an IP and add to /etc/csf/csf.allow
-ar, --addrm ip
 Remove an IP from /etc/csf/csf.allow and delete rule
-d, --deny ip [comment]
 Deny an IP and add to /etc/csf/csf.deny
-dr, --denyrm ip
 Unblock an IP and remove from /etc/csf/csf.deny
-df, --denyf
 Remove and unblock all entries in /etc/csf/csf.deny
-g, --grep ip
 Search the iptables and ip6tables rules for a match (e.g. IP,
 CIDR, Port Number)
-t, --temp
 Displays the current list of temporary allow and deny IP entries
 with their TTL and comment
-tr, --temprm ip
 Remove an IP from the temporary IP ban or allow list
-td, --tempdeny ip ttl [-p port] [-d direction] [comment]
 Add an IP to the temp IP ban list. ttl is how long to blocks for
 (default:seconds, can use one suffix of h/m/d). Optional port.
 Optional direction of block can be one of: in, out or inout
 (default:in)
-ta, --tempallow ip ttl [-p port] [-d direction] [comment]
 Add an IP to the temp IP allow list (default:inout)
-tf, --tempf
 Flush all IPs from the temporary IP entries
-cp, --cping
 PING all members in an lfd Cluster
-cd, --cdeny ip
 Deny an IP in a Cluster and add to /etc/csf/csf.deny
-ca, --callow ip
 Allow an IP in a Cluster and add to /etc/csf/csf.allow
-car, --carm ip
 Remove allowed IP in a Cluster and remove from
 /etc/csf/csf.allow
-cr, --crm ip
 Unblock an IP in a Cluster and remove from /etc/csf/csf.deny
-cc, --cconfig [name] [value]
 Change configuration option [name] to [value] in a Cluster
-cf, --cfile [file]
 Send [file] in a Cluster to /etc/csf/
-crs, --crestart
 Cluster restart csf and lfd
-w, --watch ip
 Log SYN packets for an IP across iptables chains
-m, --mail [email]
 Display Server Check in HTML or email to [email] if present
-lr, --logrun
 Initiate Log Scanner report via lfd
--profile [command] [profile|backup] [profile|backup]
 Configuration profile functions for /etc/csf/csf.conf
 You can create your own profiles using the examples provided in
 /usr/local/csf/profiles/
 The profile reset_to_defaults.conf is a special case and will
 always be the latest default csf.conf
list
 Lists available profiles and backups
apply [profile]
 Modify csf.conf with Configuration Profile
backup "name"
 Create Configuration Backup with optional "name" stored in
 /var/lib/csf/backup/
restore [backup]
 Restore a Configuration Backup
keep [num]
 Remove old Configuration Backups and keep the latest [num]
diff [profile|backup] [profile|backup]
 Report differences between Configuration Profiles or Configura-
 tion Backups, only specify one [profile|backup] to compare to
 the current Configuration
-c, --check
 Check for updates to csf but do not upgrade
-u, --update
 Check for updates to csf and upgrade if available
-uf Force an update of csf whether and upgrade is required or not
-x, --disable
 Disable csf and lfd completely
-e, --enable
 Enable csf and lfd if previously disabled
-v, --version
 Show csf version

Exhaustive manual with examples: http://configserver.com/free/csf/readme.txt

Advertisements

Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s