IP block in csf.

The CSF will block external IPs (Inbound connections) for any Brute force attack or something like that (Multiple login failure, hacking attepts etc)found on the server. We can find out all details regarding the IP block from the ‘lfd’ log. The reason for IP block, exact time etc will be explained in the log file.

CSF commands for Unix/Linux servers

Config Server Firewall is abbreviated as CSF. CSf is the most commonly using firewall application to secure Linux servers.

CSF has wide range of options to manage Linux firewall via comman-line and from the control panel. The csf installation includes preconfigured configurations and control panel UI’s for cPanel, DirectAdmin and Webmin.

CSF log file details

All the details related with the CSF and LFD is loged in a file under “/var/log“. The log file for CSF&LFD is:

" /var/log/lfd.log "

How to find the blacklisted status in CSF ?

There are three different ways to find out the details:

Method I: From WHM

Login to your WHM control panel and search the “ConfigServer Security & Firewall” from the search tool bar which is located left side of the WHM menu. Then use the Search for IP tool to findout the details of IP block on the server.

You can unblock the IP address from the output itself. See the attachment for more tips.


Command line options

Method II : You can use the switch ‘g’ along with the csf command.

How to use it?

Step 1: SSH to your server as root user.
Step 2: Run the below pasted command.

[[email protected] ] csf -g IP-Address

Click here for more CSF commands for Unix/Linux servers.


1. Search the details of IP address on your server by using the command csf.

[[email protected] ] csf -g
Chain            num   pkts bytes target     prot opt in     out     source               destination
No matches found for in iptables

2. Search after blocking the IP address on your server.
2.1 csf -d : to block IP address

[[email protected] ] csf -d
Adding to csf.deny and iptables DROP...
DROP  all opt -- in !lo out *  ->
DROP  all opt -- in * out !lo  ->

2.2 csf -g : to find details

[[email protected] ] csf -g
Chain            num   pkts bytes target     prot opt in     out     source               destination
DENYIN           26       0     0 DROP       all  --  !lo    *    
DENYOUT          26       0     0 DROP       all  --  *      !lo  
csf.deny: # Manually denied - Tue Dec 24 14:35:43 2013

Method III : Grep the IP Address details from the log file “/var/log/lfd.log

[[email protected] ] grep 'IP-Address' /var/log/lfd.log

That’s it.

Related links:
Install and configure csf on CentOS
CSF commands for Unix/Linux servers
Process tracking with the help of csf
How to disable Lfd excessive resource usage alert
How to block countries from server by using csf