CSF commands to allow/deny IP addresses for temporary – Command line option

CSF is one of the best firewall application for your Linux based servers. We have already dicussed a lot about CSF and its command usages. Refer this to Install CSF on your server. We have a lot of options available with CSF. Here I am discussing about the temporary IP blocking feature of CSF.

Yes, there is an option to configure the IPTABLES rules for blocking IPs temporary with the help of CSF. You can use it simply from the command-line. Similarly you can add an Iptables rule to allow IPs temporary. Here I am explaining, how it is possible via command-line?

You can use the switch “t” along with “a” and “d” to allow and deny IPs temporary. Here I am explaining some useful usages with examples.

How to Block/Deny an IP address in CSF temporary(for a particular time period) ?

Here is the syntax:

csf -td ip ttl [-p port] [-d direction] [comment]
Or
csf --tempdeny ip ttl [-p port] [-d direction] [comment]

The “ttl” representing the Time-To-Live option in seconds. Example, 3600 for 1 hour block.
Default value is 3600 seconds.

Example:

[email protected] [~/csf]# csf -td 66.8x.xx.xx
DROP  all opt -- in !lo out *  66.8x.xx.xx  -> 0.0.0.0/0
csf: 66.8x.xx.xx blocked on port * for 3600 seconds inbound

For a specified time period, you can directly mention that time interval just after the IP.

Example:

[email protected] [~/csf]# csf -td 66.8x.xx.xx
DROP  all opt -- in !lo out *  66.8x.xx.xx  -> 0.0.0.0/0
csf: 66.8x.xx.xx blocked on port * for 60 seconds inbound

How to Unblock/Allow an IP address in CSF temporary(for a particular time period) ?

You can use the the switch “a” to allow IP.

Syntax:

csf -ta ip ttl [-p port] [-d direction] [comment]
Or
csf --tempallow ip ttl [-p port] [-d direction] [comment]

Example:

[[email protected] ~]# csf -ta 66.8x.1xx.xx
ACCEPT  all opt -- in !lo out *  66.8x.1xx.xx  -> 0.0.0.0/0
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 66.8x.1xx.xx
csf: 66.8x.1xx.xx allowed on port * for 3600 seconds in and outbound

Displays the current list of temporary allow and deny IP entries with their TTL and comment.

Use the switch “t” to displays the current list. This

csf -t 
Or 
csf --temp

Example:

[email protected] [~/csf]# csf -t

A/D   IP address                               Port   Dir   Time To Live     Comment
DENY  66.8x.xx.xx                                *    in    59m 44s          Manually added

Remove an IP from the temporary IP ban or allow list

The switch ‘r’ is using to remove an IP address from temporary list.

Syntax:

csf -tr 
Or 
csf --temprm ip

Example:

[email protected] [~/csf]# csf -tr 66.8x.xx.xx
DROP  all opt -- in !lo out *  66.8x.xx.xx  -> 0.0.0.0/0
csf: 66.8x.xx.xx temporary block removed
csf: There are no temporary IP allows

Flush all IPs from the temporary IP entries

To flush all IPs from temporary list.

Syntax:

csf -tf 
Or 
csf --tempf

Example:

[email protected] [~/csf]# csf -tf
DROP  all opt -- in !lo out *  66.8x.xx.xx  -> 0.0.0.0/0
csf: 66.8x.xx.xx temporary block removed
csf: There are no temporary IP allows

That’s it..

Related posts:

1, CSF commands for Unix/Linux servers
2, How to find whether the IP address is blacklisted or not in CSF
3, How to block countries from server by using csf
4, Process tracking with the help of csf
5, Easy way to Enable/Disable CSF

 

What is iptables in Linux?

What is iptables in Linux? We can call, it’s the basics of Firewall for Linux. Iptables is a rule based firewall system and it is normally pre-installed on a Unix operating system which is controlling the incoming and outgoing packets. By-default the iptables is running without any rules, we can create, add, edit rules into it.

In this article I am trying to explain the basics of iptables with some common practices.

Hope, this topic will give you the basics of iptables.

, ,

Post navigation

Arunlal Ashok

Linux Systems Architect at Endurance International Group. Linux lover. Like to play on Linux console. I started this blog to share and discuss Linux thoughts.

Always happy for an open discussion! Write to arun (@) crybit (dot) com. Check about me for more details. About this blog and our strong members, check The team CryBit.com

3 thoughts on “CSF commands to allow/deny IP addresses for temporary – Command line option

  1. If you want to block the IP address by country using csf, you can export it from the free service ip2location. com/free/visitor-blocker

Leave a Reply

Your email address will not be published. Required fields are marked *