/usr/src/csf
csf(1) General Commands Manual csf(1) NAME csf - ConfigServer & Security Firewall SYNOPSIS csf [OPTIONS] DESCRIPTION This manual documents the csf command line options for the ConfigServer & Security Firewall. See /etc/csf/csf.conf and /etc/csf/readme.txt for more detailed information on how to use and configure this ap‐ plication. OPTIONS -h, --help Show this message -l, --status List/Show the IPv4 iptables configuration -l6, --status6 List/Show the IPv6 ip6tables configuration -s, --start Start the firewall rules -f, --stop Flush/Stop firewall rules (Note: lfd may restart csf) -r, --restart Restart firewall rules (csf) -q, --startq Quick restart (csf restarted by lfd) -sf, --startf Force CLI restart regardless of LFDSTART setting -ra, --restartall Restart firewall rules (csf) and then restart lfd daemon. Both csf and then lfd should be restarted after making any changes to the configuration files --lfd [stop|start|restart|status] Actions to take with the lfd daemon -a, --add ip [comment] Allow an IP and add to /etc/csf/csf.allow -ar, --addrm ip Remove an IP from /etc/csf/csf.allow and delete rule -d, --deny ip [comment] Deny an IP and add to /etc/csf/csf.deny -dr, --denyrm ip Unblock an IP and remove from /etc/csf/csf.deny -df, --denyf Remove and unblock all entries in /etc/csf/csf.deny -g, --grep ip Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number) -i, --iplookup ip Lookup IP address geographical information using CC_LOOKUPS setting in /etc/csf/csf.conf -t, --temp Displays the current list of temporary allow and deny IP entries with their TTL and comment -tr, --temprm ip Remove an IP from the temporary IP ban or allow list -trd, --temprmd ip Remove an IP from the temporary IP ban list only -tra, --temprma ip Remove an IP from the temporary IP allow list only -td, --tempdeny ip ttl [-p port] [-d direction] [comment] Add an IP to the temp IP ban list. ttl is how long to blocks for (default:seconds, can use one suffix of h/m/d). Optional port. Optional direction of block can be one of: in, out or inout (default:in) -ta, --tempallow ip ttl [-p port] [-d direction] [comment] Add an IP to the temp IP allow list (default:inout) -tf, --tempf Flush all IPs from the temporary IP entries -cp, --cping PING all members in an lfd Cluster -cg, --cgrep ip Requests the --grep output for IP from each member in an lfd Cluster -cd, --cdeny ip [comment] Deny an IP in a Cluster and add to each remote /etc/csf/csf.deny -ctd, --ctempdeny ip ttl [-p port] [-d direction] [comment] Add an IP in a Cluster to the temp IP ban list (default:in) -cr, --crm ip Unblock an IP in a Cluster and remove from each remote /etc/csf/csf.deny and temporary list -ca, --callow ip [comment] Allow an IP in a Cluster and add to each remote /etc/csf/csf.allow -cta, --ctempallow ip ttl [-p port] [-d direction] [comment] Add an IP in a Cluster to the temp IP allow list (default:in) -car, --carm ip Remove allowed IP in a Cluster and remove from each remote /etc/csf/csf.allow and temporary list -ci, --cignore ip [comment] Ignore an IP in a Cluster and add to each remote /etc/csf/csf.ignore. Note: This will result in lfd being restarted -cir, --cirm ip Remove ignored IP in a Cluster and remove from each remote /etc/csf/csf.ignore. Note: This will re‐ sult in lfd being restarted -cc, --cconfig [name] [value] Change configuration option [name] to [value] in a Cluster -cf, --cfile [file] Send [file] in a Cluster to /etc/csf/ -crs, --crestart Cluster restart csf and lfd --trace [add|remove] ip Log SYN packets for an IP across iptables chains. Note, this can create a LOT of logging information in /var/log/messages so should only be used for a short period of time. This option requires the ipt‐ ables TRACE module and access to the raw PREROUTING chain to function -m, --mail [email] Display Server Check in HTML or email to [email] if present --rbl [email] Process and display RBL Check in HTML or email to [email] if present -lr, --logrun Initiate Log Scanner report via lfd -p, --ports View ports on the server that have a running process behind them listening for external connections --graphs [graph type] [directory] Generate System Statistics html pages and images for a given graph type into a given directory. See ST_SYSTEM for requirements --profile [command] [profile|backup] [profile|backup] Configuration profile functions for /etc/csf/csf.conf You can create your own profiles using the examples provided in /usr/local/csf/profiles/ The profile reset_to_defaults.conf is a special case and will always be the latest default csf.conf list Lists available profiles and backups apply [profile] Modify csf.conf with Configuration Profile backup "name" Create Configuration Backup with optional "name" stored in /var/lib/csf/backup/ restore [backup] Restore a Configuration Backup keep [num] Remove old Configuration Backups and keep the latest [num] diff [profile|backup] [profile|backup] Report differences between Configuration Profiles or Configuration Backups, only specify one [pro‐ file|backup] to compare to the current Configuration --mregen MESSENGERV2 /etc/apache2/conf.d/csf_messenger.conf regeneration. This will also gracefully restart httpd --cloudflare [command] Commands for interacting with the CloudFlare firewall. See /etc/csf/readme.txt and CF_ENABLE for more detailed information Note: target can be one of: An IP address; 2 letter Country Code; IP range CIDR. Only Enterprise cus‐ tomers can block a Country Code, but all can allow and challenge. IP range CIDR is limited to /16 and /24 list [all|block|challenge|whitelist] [user1,user2,domain1...] List specified type of CloudFlare Firewall rules for comma separated list of users/domains add [block|challenge|whitelist] target [user1,user2,domain1...] Add CloudFlare Firewall rule action for target for comma separated list of users/domains only del target [user1,user2,domain1...] Delete CloudFlare Firewall rule for target for comma separated list of users/domains only tempadd [allow|deny] ip [user1,user2,domain1...] Add a temporary block for CF_TEMP seconds to both csf and the CloudFlare Firewall rule for ip for comma separated list of users/domains as well as any user set to "any" -c, --check Check for updates to csf but do not upgrade -u, --update Check for updates to csf and upgrade if available -uf Force an update of csf whether and upgrade is required or not -x, --disable Disable csf and lfd completely -e, --enable Enable csf and lfd if previously disabled -v, --version Show csf version FILES /etc/csf/csf.conf The system wide configuration file /etc/csf/readme.txt Detailed information about csf and lfd BUGS Report bugs on the forums at http://forum.configserver.com AUTHOR (c)2006-2023, Way to the Web Limited (http://www.configserver.com) csf(1)
.
Edit
..
Edit
.gitattributes
Edit
ConfigServer
Edit
Crypt
Edit
HTTP
Edit
JSON
Edit
Module
Edit
Net
Edit
accounttracking.txt
Edit
alert.txt
Edit
apache.http.txt
Edit
apache.https.txt
Edit
apache.main.txt
Edit
apf_stub.pl
Edit
auto.cwp.pl
Edit
auto.cyberpanel.pl
Edit
auto.directadmin.pl
Edit
auto.generic.pl
Edit
auto.interworx.pl
Edit
auto.pl
Edit
auto.vesta.pl
Edit
changelog.txt
Edit
connectiontracking.txt
Edit
consolealert.txt
Edit
cpanel
Edit
cpanel.allow
Edit
cpanel.comodo.allow
Edit
cpanel.comodo.ignore
Edit
cpanel.ignore
Edit
cpanelalert.txt
Edit
csf
Edit
csf.1.txt
Edit
csf.allow
Edit
csf.blocklists
Edit
csf.c
Edit
csf.cloudflare
Edit
csf.conf
Edit
csf.cwp.allow
Edit
csf.cwp.conf
Edit
csf.cwp.ignore
Edit
csf.cwp.pignore
Edit
csf.cyberpanel.allow
Edit
csf.cyberpanel.conf
Edit
csf.cyberpanel.ignore
Edit
csf.cyberpanel.pignore
Edit
csf.deny
Edit
csf.directadmin.allow
Edit
csf.directadmin.conf
Edit
csf.directadmin.ignore
Edit
csf.directadmin.pignore
Edit
csf.dirwatch
Edit
csf.div
Edit
csf.dyndns
Edit
csf.fignore
Edit
csf.generic.allow
Edit
csf.generic.conf
Edit
csf.generic.ignore
Edit
csf.generic.pignore
Edit
csf.help
Edit
csf.ignore
Edit
csf.interworx.allow
Edit
csf.interworx.conf
Edit
csf.interworx.ignore
Edit
csf.interworx.pignore
Edit
csf.logfiles
Edit
csf.logignore
Edit
csf.mignore
Edit
csf.pignore
Edit
csf.pl
Edit
csf.rblconf
Edit
csf.rbls
Edit
csf.redirect
Edit
csf.resellers
Edit
csf.rignore
Edit
csf.service
Edit
csf.sh
Edit
csf.signore
Edit
csf.sips
Edit
csf.smtpauth
Edit
csf.suignore
Edit
csf.syslogs
Edit
csf.syslogusers
Edit
csf.uidignore
Edit
csf.vesta.allow
Edit
csf.vesta.conf
Edit
csf.vesta.ignore
Edit
csf.vesta.pignore
Edit
csfajaxtail.js
Edit
csfcron.sh
Edit
csftest.pl
Edit
csget.pl
Edit
cwp
Edit
cyberpanel
Edit
da
Edit
downloadservers
Edit
exploitalert.txt
Edit
filealert.txt
Edit
forkbombalert.txt
Edit
install.cpanel.sh
Edit
install.cwp.sh
Edit
install.cyberpanel.sh
Edit
install.directadmin.sh
Edit
install.generic.sh
Edit
install.interworx.sh
Edit
install.sh
Edit
install.txt
Edit
install.vesta.sh
Edit
integrityalert.txt
Edit
interworx
Edit
lfd.logrotate
Edit
lfd.pl
Edit
lfd.service
Edit
lfd.sh
Edit
lfdcron.directadmin.sh
Edit
lfdcron.sh
Edit
license.txt
Edit
litespeed.http.txt
Edit
litespeed.https.txt
Edit
litespeed.main.txt
Edit
loadalert.txt
Edit
logalert.txt
Edit
logfloodalert.txt
Edit
messenger
Edit
migratedata.sh
Edit
modsecipdbalert.txt
Edit
netblock.txt
Edit
os.pl
Edit
perf.sh
Edit
permblock.txt
Edit
portknocking.txt
Edit
portscan.txt
Edit
processtracking.txt
Edit
profiles
Edit
pt_deleted_action.pl
Edit
queuealert.txt
Edit
readme.txt
Edit
recaptcha.txt
Edit
regex.custom.pm
Edit
regex.txt
Edit
relayalert.txt
Edit
remove_apf_bfd.sh
Edit
resalert.txt
Edit
reselleralert.txt
Edit
restricted.txt
Edit
sanity.txt
Edit
scriptalert.txt
Edit
sshalert.txt
Edit
sualert.txt
Edit
sudoalert.txt
Edit
syslogalert.txt
Edit
tracking.txt
Edit
ui
Edit
uialert.txt
Edit
uidscan.txt
Edit
uninstall.cwp.sh
Edit
uninstall.cyberpanel.sh
Edit
uninstall.directadmin.sh
Edit
uninstall.generic.sh
Edit
uninstall.interworx.sh
Edit
uninstall.sh
Edit
uninstall.vesta.sh
Edit
upgrade.txt
Edit
usertracking.txt
Edit
version
Edit
version.txt
Edit
vestacp
Edit
watchalert.txt
Edit
webmin
Edit
webminalert.txt
Edit
x-arf.txt
Edit