Este artigo cobre alguns comandos mais utilizados do software CSF por SSH.
Command | Description | Example |
---|---|---|
csf -s | Start the firewall rules | root@server[~]#csf -s |
csf -f | Flush/Stop firewall rules (note: lfd may restart csf) |
root@server[~]#csf -f |
csf -r | Restart the firewall rules | root@server[~]#csf -r |
csf -a [IP.add.re.ss] [comment] | Allow an IP and add to /etc/csf/csf.allow |
root@server[~]#csf -a 199.33.3.3 Home IP Address |
csf -tr [IP.add.re.ss] | Remove an IP from the temporary IP ban or allow list. |
root@server[~]#csf -tr 68.192.23.1 |
csf -tf | Flush all IPs from the temporary IP entries |
root@server[~]#csf -tf |
csf -d [IP.add.re.ss] [comment] | Deny an IP and add to /etc/csf/csf.deny | root@server[~]#csf -d 68.192.23.1 Blocked This Guy |
csf -dr [IP.add.re.ss] | Unblock an IP and remove from /etc/csf/csf.deny | root@server[~]#csf -dr 68.192.23.1 |
csf -df | Remove and unblock all entries in /etc/csf/csf.deny | root@server[~]#csf -df |
csf -g [IP.add.re.ss] | Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number) | root@server[~]#csf -g 68.192.23.1 |
csf -t | Displays the current list of temporary allow and deny IP entries with their TTL and comment | root@server[~]#csf -t |
Endereço IP em Whitelisting
De forma a prevenir que determinado IP possa ser bloqueado, mesmo que temporáriamente, necessita de o adicionar nos ficheiros csf.ignore e csf.allow. O primeiro passo é activar "IGNORE_ALLOW" em csf.conf. O valor de "IGNORE_ALLOW" irá aparecer como “0”, deverá alterar para “1” e reiniciar os serviços csf e lfd.