Important CSF firewall commands via SSH

Important CSF firewall commands via SSH

اوامر جدار الحماية CSF المهمة عن طريق SSH

In Linux servers, it is necessary to install a firewall that blocks suspicious processes on the server.

From blocking any IP addresses we would like to block easily and one of the best free programs that work as a firewall that

It can be installed is the ConfigServer Security & Firewall program, known as csf, and it is always preferred to use it on servers.

Which works in the control panel whm/cpanel, as it is designed in such a way that it works automatically by blocking IP addresses that try to

Log in with wrong information a lot and you can see all csf details through the following link


In this lesson, we will review important CSF firewall commands via SSH

To get a list of all options, please use these commands #

csf --help
man csf

Firewall installation path : /etc/csf
main settings file : /etc/csf/csf.conf

Restart the firewall #

csf -r

Turn on the firewall #

csf -s

Enable CSF (meaning when the server restarts, the csf is running) #

csf -e

Disable CSF (meaning when the server restarts, the csf does not work) #

csf -x

Remove and unblock all IPs on the server #

csf -df

ip ban one #

csf -d =IP to be blocked

Activate one IP #

csf -a = IP to activate (remove from ban)

Clear all IP addresses from temporary IP entries #

csf -tf

Now if you want to manually search for a specific IP to unblock it, unblock it, or even attend and stop it

You find all the IP that is blocked on the server you find it in this file


nano /etc/csf/csf.deny

All IPs where the white is located are not or the trusted IP

nano /etc/csf/csf.allow

Note: The IP addresses listed in this file will not be ignored by lfd, so it can still be blocked. If you don’t want to lfd block an IP address, you should add it to csf.ignore

Greetings from the Hyyat Host team for hosting #

All rights reserved to Hayat Host 2022