
How to manage the CSF firewall software

The ConfigServer Security and Firewall (CSF) within WebHost Manager (WHM) offers several different ways to block and unblock access to a site, including:

  • Whitelisting IP addresses.
  • Blocking and unblocking IP addresses.
  • Opening and closing ports.

Whether you need to unblock a client’s IP address after it has been blocked, or close a port to prevent malicious activity, the CSF is a powerful tool for helping secure your site. 

Unblocking an IP address:

  1. Log in to WHM.
  2. In the left sidebar, under Plugins, click ConfigServer Security & Firewall.
  3. Under csf – ConfigServer Firewall, in the Search iptables for IP address text box, type the IP address to search for, and then click Search for IP.
  4. If the IP address is blocked, it appears in the search results, along with the reason. To unblock the IP address, click the padlock icon to the right of the IP address.

Granting access to an IP address

There are two parts to the CSF firewall: the firewall itself and the Login Failure Daemon (LFD). Whitelisting an IP address grants the address access in the csf.allow firewall, and adding an IP address to the Quick Ignore list prevents an IP address from being blocked by the LFD. (If an IP address is still blocked after whitelisting, you must add it to the Quick Ignore list.)

Even if you whitelist an IP address using the method listed below, the LFD can still block it for suspicious behavior such as repeat violations of ModSecurity rules or multiple failed logins. This is done to minimize the risk of brute-force attacks that could occur if a computer or device on the same network as a whitelisted IP address becomes compromised or infected with malware.

Whitelisting an IP address

To whitelist an IP address in the csf.allow firewall, follow these steps:

  1. Log in to WHM.
  2. In the left sidebar, under Plugins, click ConfigServer Security & Firewall.
  3. Under csf – Quick Actions, locate the Quick Allow section.
  4. In the Allow IP address text box, type the IP address. There is an optional text box below where you can type a comment for why the IP address was whitelisted.
  5. Click Quick Allow.

Using Quick Ignore

As a temporary measure while you resolve the underlying issue, you can add a problematic IP address to the ignore list. Adding an IP address to the Quick Ignore list prevents LFD from blocking the address. To add an IP address to the ignore list, follow these steps:

  1. Log in to WHM.
  2. In the left sidebar, under Plugins, click ConfigServer Security & Firewall.
  3. Under csf – Quick Actions, locate the Quick Ignore section.
  4. In the Ignore IP address text box, type the IP address.
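
The difference between being allowed in the firewall and being ignored by LFD can be checked from a shell. The following is an added example, not part of the original article or of CSF: it assumes the allow and ignore lists are the plain-text files /etc/csf/csf.allow and /etc/csf/csf.ignore with one entry per line, handles IPv4 addresses and CIDR ranges only, and runs against constructed sample files. The function names in_list and csf_status are hypothetical.

```shell
#!/bin/sh
# Added example: report whether an IPv4 address is allowed in the firewall,
# ignored by lfd, both, or neither. Sample files below are constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/csf.allow" <<'EOF'
# constructed sample entries (documentation address ranges)
192.0.2.10 # office gateway
198.51.100.0/24 # monitoring range
tcp|in|d=22|s=203.0.113.5 # advanced filter, skipped by this check
EOF
cat > "$WORK/csf.ignore" <<'EOF'
127.0.0.1
192.0.2.10
EOF

# in_list FILE IP: exit 0 if IP equals an entry or falls inside a CIDR entry.
in_list() {
    awk -v ip="$2" '
        function num(a,  o) { split(a, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        {
            entry = $1; bits = 32
            if (entry !~ "^[0-9./]+$") next      # not a plain IPv4 address or CIDR
            if (split(entry, p, "/") == 2) { entry = p[1]; bits = p[2] }
            size = 2 ^ (32 - bits)               # addresses covered by the entry
            if (int(num(ip) / size) == int(num(entry) / size)) { found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# csf_status IP ALLOW_FILE IGNORE_FILE: print the combined effect of both lists.
csf_status() {
    if in_list "$2" "$1"; then a=1; else a=0; fi
    if in_list "$3" "$1"; then i=1; else i=0; fi
    case "$a$i" in
        11) echo "allowed; ignored by lfd" ;;
        10) echo "allowed; lfd can still block" ;;
        01) echo "not allowed; ignored by lfd" ;;
        *)  echo "not listed" ;;
    esac
}

for addr in 192.0.2.10 198.51.100.77 203.0.113.5; do
    echo "$addr: $(csf_status "$addr" "$WORK/csf.allow" "$WORK/csf.ignore")"
done
```

An address that reports "allowed; lfd can still block" is the case the article describes, where a whitelisted IP address is still blocked until it is also added to the ignore list.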

       

Opening and closing ports

You might need to open or close a port for various reasons. For example:

  • Opening a port to allow e-mail to be delivered.
  • Closing a port that is exhibiting malicious activity.

To open or close ports in the firewall, follow these steps:

  1. Log in to WHM.
  2. In the left sidebar, under Plugins, click ConfigServer Security & Firewall.
  3. Under csf – ConfigServer Firewall, click Firewall Configuration.
  4. Scroll down to the IPv4 Port Settings section. In this section are the following options:

       • Allow incoming TCP ports (TCP_IN): Use this option to allow incoming connections to the specified TCP ports.
       • Allow outgoing TCP ports (TCP_OUT): Use this option to allow outgoing connections to the specified TCP ports.
       • Allow incoming UDP ports (UDP_IN): Use this option to allow incoming connections to the specified UDP ports.
       • Allow outgoing UDP ports (UDP_OUT): Use this option to allow outgoing connections to the specified UDP ports.

  5. After making the changes, scroll down to the bottom of the page, and click Change.
  6. Click Restart csf+lfd to restart the firewall.
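
After changing the port settings, the resulting lists can be audited from a shell. The following is an added example, not part of the original article or of CSF: it assumes the four settings are stored in /etc/csf/csf.conf as NAME = "list" lines with low:high port ranges, and it runs against a constructed sample file. The function names csf_ports, port_open and unexpected_ports are hypothetical.

```shell
#!/bin/sh
# Added example: audit the CSF port lists from a shell.
# Assumption: the live file is /etc/csf/csf.conf; the sample below is constructed.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
# constructed sample, not a recommended policy
TCP_IN = "22,25,80,443,30000:35000"
TCP_OUT = "25,53,80,443"
UDP_IN = "53"
UDP_OUT = "53,123"
EOF

# csf_ports FILE SETTING: print the comma-separated list stored in SETTING.
csf_ports() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# port_open FILE SETTING PORT: exit 0 if PORT is listed or inside a listed range.
port_open() {
    list=$(csf_ports "$1" "$2"); rc=1
    old_ifs=$IFS; IFS=','
    for entry in $list; do
        lo=${entry%%:*}; hi=${entry##*:}     # a single port gives lo = hi
        if [ "$3" -ge "$lo" ] && [ "$3" -le "$hi" ]; then rc=0; break; fi
    done
    IFS=$old_ifs
    return $rc
}

# unexpected_ports FILE SETTING BASELINE: print entries not in the approved list.
unexpected_ports() {
    list=$(csf_ports "$1" "$2"); out=""
    old_ifs=$IFS; IFS=','
    for entry in $list; do
        case ",$3," in
            *",$entry,"*) ;;                 # entry is in the baseline
            *) out="${out:+$out,}$entry" ;;  # entry needs review
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

for p in 443 3306; do
    if port_open "$SAMPLE_CONF" TCP_IN "$p"; then echo "TCP_IN $p: open"; else echo "TCP_IN $p: closed"; fi
done
echo "TCP_IN entries outside baseline: $(unexpected_ports "$SAMPLE_CONF" TCP_IN "22,80,443")"
```

Running unexpected_ports against a baseline you maintain makes an unplanned open port visible after each configuration change.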

Commands to manage CSF from SSH:

  • csf -e: Enable CSF.
  • csf -x: Disable CSF.
  • csf -s: Start the firewall rules.
  • csf -f: Flush/stop the firewall rules (note: lfd may restart csf).
  • csf -r: Restart the firewall rules.
  • csf -a [IP.add.re.ss] [Optional comment]: Allow an IP and add it to /etc/csf/csf.allow.
  • csf -td [IP.add.re.ss] [Optional comment]: Place an IP on the temporary deny list in /var/lib/csf/csf.tempban.
  • csf -tr [IP.add.re.ss]: Remove an IP from the temporary IP ban or allow list.
  • csf -tf: Flush all IPs from the temporary IP entries.
  • csf -d [IP.add.re.ss] [Optional comment]: Deny an IP and add it to /etc/csf/csf.deny.
  • csf -dr [IP.add.re.ss]: Unblock an IP and remove it from /etc/csf/csf.deny.
  • csf -df: Remove and unblock all entries in /etc/csf/csf.deny.
  • csf -g [IP.add.re.ss]: Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, port number).
  • csf -t: Display the current list of temporary allow and deny IP entries with their TTL and comments.
