Disclaimer:
Please bear in mind that the ConfigServer Security & Firewall (AKA CSF) plugin is a third-party software and is not part of cPanel's suite of software, so as a result its provision, configuration, and management are beyond the scope of our support. Please note that cPanel, LLC only supports the cPanel-provided software and does not provide general system/network administration services or support for third-party software.
The purpose of this guide is purely informational and as such cPanel, LLC will not assume responsibility for any potential adverse outcomes that might arise from its adoption. You may, therefore, wish to seek assistance from a qualified system administrator regarding any potential issues, as one would have the tools and knowledge in order to assist you.
Furthermore, CSF has its own support channel, forum, and ticketing system, so you always can/should refer to this link in case you require further assistance with any issues concerning CSF:
ConfigServer Security & Firewall (csf)
Commands:
Here is a list of a few very useful CSF commands covering some of the most common tasks when managing CSF on your server.
Command | Description | Example |
---|---|---|
csf -e | Enable CSF | root@server[~]#csf -e |
csf -x | Disable CSF | root@server[~]#csf -x |
csf -s | Start the firewall rules | root@server[~]#csf -s |
csf -f | Flush/Stop firewall rules (note: lfd may restart csf) |
root@server[~]#csf -f |
csf -r | Restart the firewall rules | root@server[~]#csf -r |
csf -a [IP] [Optional comment] | Allow an IP and add to /etc/csf/csf.allow |
root@server[~]#csf -a 187.33.3.3 Home IP Address |
csf -td [IP] [Optional comment] | Place an IP on the temporary deny list in /var/lib/csf/csf.tempban | root@server[~]#csf -td 55.55.55.55 Odd traffic patterns |
csf -tr [IP] | Remove an IP from the temporary IP ban or allow list. |
root@server[~]#csf -tr 66.192.23.1 |
csf -tf | Flush all IPs from the temporary IP entries |
root@server[~]#csf -tf |
csf -d [IP] [Optional comment] | Deny an IP and add to /etc/csf/csf.deny | root@server[~]#csf -d 66.192.23.1 Blocked This Guy |
csf -dr [IP] | Unblock an IP and remove from /etc/csf/csf.deny | root@server[~]#csf -dr 66.192.23.1 |
csf -df | Remove and unblock all entries in /etc/csf/csf.deny | root@server[~]#csf -df |
csf -g [IP] | Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number) | root@server[~]#csf -g 66.192.23.1 |
csf -t | Displays the current list of temporary allow and deny IP entries with their TTL and comments | root@server[~]#csf -t |
Other Command and Options:
You can view all the CSF command line options by using either:
man csf
or
csf -h
These options allow you to easily and quickly control and view CSF.