Config Server Firewall (CSF)
Config Server Firewall is a free and advanced firewall for most Linux Distributions and Linux based VPS. In addition to the basic functionality of firewall, it provides other security features such as login, intrusion, and detections. It can block the public access and restrict what can be accessed like only e-mails or only websites, etc. To add more power to this, it comes with a Login Failure Daemon (LFD) script. It runs all the time to scan for failed attempts to log in to the server to detect brute-force attacks. If a huge number of failed logins are appearing from that IP, LFD also blocks IPs. The block is temporary. The blocked IP address can be viewed by the admin by enabling an email alert service. It can also manually allows to whitelist and blacklist IP in the firewall.
CSF Commands used to handle IP:
CSF (Config Server Firewall) uses some commands to handle the IP. Those commands are listed below.
# csf-s – Starts the firewall rules.
# csf-f – Stops the firewall rules.
# csf-r – Restarts the firewall rules.
# csf-a [Ip address] – Allows or Unblock an IP and add to /etc/csf/csf.allow
# csf-tr [Ip address] – Removes an IP from the temporary IP ban or allow list.
# csf-tf – Flush all IP’s from temporary IP entries.
# csf-d[Ip address] – Denies an IP and add to /etc/csf/csf.deny
# csf-dr[Ip address] – Unblock an IP and remove from /etc/csf/csf.deny
# csf-df – Removes and unblock all entries in /etc/csf/csf.deny
# csf-g[Ip address] – Searches the IPtables and ip6tables rules for a match.
# csf-t – Displays the current list of temporary allow and deny IP entries with their TTL.