CSF on the command line

Call Us 0800 107 7979

Service Status

Back to knowledgebase

Last updated: 20 June 2021

Although CSF has a graphical interface for WHM, you might prefer to manage the firewall using the command line. This article covers the most common command line options. I am assuming that you are familiar with how CSF works. Please see my article about managing CSF via WHM if you need a refresher.

The CSF command line options are unusual in that some short options have more than one character. For instance, the utility has an -a and -r option, as well as an -ar and -ra option. To avoid ambiguous commands it is best to use always the long options.

Allowing, ignoring and denying IPs

The -a option I just mentioned is used to add an IP address to /etc/csf/csf.allow. The long option is --add. As you would expect, the option takes an IP address as its argument. CIDR notation is allowed and you can optionally add a comment.

To illustrate, here I allow the IP address 11.22.33.44. The comment is just a note that explains why I allowed the IP address.

# csf --add 11.22.33.44 useful analytics tool

You can use the --addrm option to remove an IP address from the csf.allow. This doesn’t block the IP. It purely means that the IP is no longer on the allow list.

The option to deny an IP is --deny. As with adding an IP, you can add a comment. For instance, to deny the IP 11.22.33.44 and prevent the IP is removed from the csf.deny file you can use this command:

# csf --deny 11.22.33.55 do not delete

You can unblock IPs using --denyrm. As with the --addrm option, this doesn’t allow the IP. It is only removed from csf.deny. Also, it is worth noting that the entry is not removed if it has the special “do not delete” comment.

There is no command line option to add an IP address to /etc/csf/csf.ignore. As explained in the article about managing CSF via WHM, the file should only list IPs that are known and trusted. You can of course edit the file manually.

Temporary rules

You can temporarily allow or deny an IP address using --tempallow and --tempdeny. Both options take two required and three optional arguments. You always have to enter the IP address and the time the rule should be active. So, to deny an IP address for one hour you can use this command:

# csf --tempdeny 11.22.33.66 1h

You can specify one or more ports by adding the -p option and the “direction” with the -d flag. The latter option can be one of in, out or inout. So, the direction specifies if the rule applies to incoming traffic, outgoing traffic or both. The default is in. The final optional argument is a comment.

To give an example, the following command allows the IP 11.22.33.77 access to port 3306 for a day:

# csf --tempallow 11.22.33.77 1d -p 3306 database access allowed for one day

You can view all temporary rules using csf --temp:

# csf --temp
A/D    IP address     Port   Dir   Time To Live     Comment
DENY   11.22.33.66      *    in    59m 14s          Manually added: 11.22.33.66
ALLOW  11.22.33.77    3306   inout 23h 59m 42s      database access allowed for today

You can remove a temporary rule using --temprm (as in csf --temprm 11.22.33.77). And, --tempf flushes all temporary rules.

Other options

There are a few other handy CSF options I use regularly. The first is --ports, which lists open ports and the services that are using them:

# csf --ports
Ports listening for external connections and the executables running behind them:
Port/Proto Open Conn  PID/User             Command Line            Executable
21/tcp     4/6  -     (1279/root)          pure-ftpd (SERVER)      /usr/sbin/pure-ftpd
22/tcp     4/6  3     (867/root)           /usr/sbin/sshd -D       /usr/sbin/sshd
25/tcp     4/6  3     (1242/mailnull)      /usr/sbin/exim ...      /usr/sbin/exim
80/tcp     4/6  2     (1190/root)          litespeed (lshttpd)     /usr/local/lsws/bin/lshttpd
...

And the --iplookup option can often tell you the geolocation of an IP address:

# csf --iplookup 223.27.255.204
223.27.255.204 (TH/Thailand/-)

If you want to learn about CSF, the man page (man 1 csf) provides a brief overview of the available commands, while the somewhat dated /etc/csf/readme.txt file contains lots of information about how CSF works and how it can be configured. As always, we can also answer any questions you might have about the firewall.

Featured Blogs

Identifying Common Server Issues and How to Avoid Them

22nd July 2024

By catalyst2 Team

To maintain a smooth operation of any online business or digital service you need a server that is efficient and that you can rely on. Here at catalyst2 we understand the challenges that businesses face daily; purely to keep their business alive so the challenges that are faced in addition to this when server issues …

Read Article

Why Server Backups are a Safety Net in the Digital World

15th July 2024

By catalyst2 Team

Data is the foundation for businesses as it provides insights into customer behaviour and trends, as well as business performance and efficiency. So, businesses have the tools they need to make informed decisions and plan strategically. For businesses that are just starting out or that are smaller, data is a catalyst to help identify growth …

Read Article

What are Flexible Servers and When are They Beneficial?

10th July 2024

By catalyst2 Team

The word ‘server’ is frequently used in everyday discussions in IT departments within organisations, but unless you work in the tech industry, you might not be familiar with what it really means. A server is the backbone of all digital operations. It is there to manage tasks like data storage, processing requests, delivering content across …

Read Article

Why Server Uptime Matters for Your Business Website

4th July 2024

By catalyst2 Team

While many businesses still have physical workspaces or brick-and-mortar stores, the importance of a digital presence shouldn’t be overlooked. In addition to using things like social media channels to boost your brand awareness and interact with your customers, having a website offers several benefits. In today’s digital world, the performance of your website is crucial …

Read Article

How to Protect Your Website Against Digital Disasters

27th June 2024

By catalyst2 Team

More so than ever before, having a high-performing website is essential to the ongoing success of a business. Regardless of which industry you operate in, a website is a powerful tool that can improve brand recognition, drive growth and support customer engagement. Not to mention, it allows for online sales and can remove geographical barriers …

Read Article

Does a Server Impact Website Traffic?

23rd May 2024

By catalyst2 Team

Regardless of which industry sector you operate in or what type of products and services you offer, having a website is non-negotiable in today’s digital world. More so than ever before, people turn to the internet to find businesses that can assist them with their specific needs and if you don’t have a website, you …

Read Article

A Beginner’s Guide to Managing Your Website Server

17th May 2024

By catalyst2 Team

When it comes to website management, there is a key component that business owners often overlook; server management. Your website server plays a crucial role in your online presence, it facilitates the delivery of your web pages to users and without a server, your website simply wouldn’t be visible online. So, it’s crucial to ensure …

Read Article

Exploring the Costs Associated With a Website

14th February 2024

By catalyst2 Team

In the digital age, getting a website is more than just a way to build an online presence, it’s a vital business investment. Not only do large retail businesses need a website, but smaller local businesses can also benefit from taking their business online. Recognising this importance, many businesses are now dedicating significant resources towards …

Read Article

The Importance of Dedicated Servers for E-Commerce Websites

26th January 2024

By catalyst2 Team

In the fast-paced world of e-commerce, having a reliable website is an essential factor in success. Whether you also have a brick-and-mortar store or solely a digital shop, ensuring your website is performing at its best can have a direct impact on your bottom line. Factors such as website uptime, ease of navigation and speed …

Read Article

Things to Consider During a Website Review

10th January 2024

By catalyst2 Team

Designing a website requires careful consideration and several reviews during the development stages to ensure everything is perfect. Once live, it can be easy to assume that no further updates are needed and your website will continue to perform well, however, this isn’t always the case. Regularly reviewing your website is essential to ensure its …

Read Article

What our clients say

Great real person support – direct phone number, usually the same individual so any problems are handled by the same people. Excellent.

Daniel Chandler, Vindico UK Ltd

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.

Necessary

Always Enabled

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Performance

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_5562310_11	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Others

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.

Cookie	Duration	Description
_ashkii	session	No description available.
_wicasa	3 months	No description available.
AnalyticsSyncHistory	1 month	No description
cookid	3 months	No description available.
cookietest	session	No description
crisp-client/domain-detect/1644827320973	session	No description
crisp-client/domain-detect/1644827348275	session	No description
crisp-client/domain-detect/1644827428415	session	No description
crisp-client/domain-detect/1644827479357	session	No description
crisp-client/domain-detect/1644827596454	session	No description
crisp-client/domain-detect/1644827724838	session	No description
crisp-client/domain-detect/1644827824383	session	No description
crisp-client/domain-detect/1644827878659	session	No description
crisp-client/domain-detect/1644828716243	session	No description
crisp-client/domain-detect/1644828846246	session	No description
crisp-client/domain-detect/1644829369013	session	No description
crisp-clientsession30cc6953-ebcf-4bc6-b649-c44eb446409e	6 months	No description
dbmFP	3 months	No description available.
dbmPK	3 months	No description available.
li_gc	2 years	No description