Cel mai probabil daca detii un server VPS ai instalat si un firewall. Cel mai utilizat firewall este cel oferit de catre Config Server Security, numit CSF. In cele mai multe situatii administram CSF-ul direct din interfata grafica din WHM -> ConfigServer Security & Firewall, insa in unele situatii de urgenta este mult mai simplu sa administram direct din linia de comanda.
Administrare CSF din linia de comanda:
Restart CSF
# csf -r
Blocare IP
# csf -d xxx.xxx.xxx.xxx
Deblocare IP si adaugare in whitelist
# csf -a xxx.xxx.xxx.xxx
Deblocare IP si stergere din lista de IP-uri blocate
# csf -dr xxx.xxx.xxx.xxx
Mai jos este o lista cu toate comenzile CSF:
-h, --help // Show this message -l, --status // List/Show iptables configuration -l6, --status6 // List/Show ip6tables configuration -s, --start // Start firewall rules -f, --stop // Flush/Stop firewall rules (Note: lfd may restart csf) -r, --restart // Restart firewall rules -q, --startq // Quick restart (csf restarted by lfd) -sf, --startf // Force CLI restart regardless of LFDSTART setting -a, --add ip // Allow an IP and add to /etc/csf.allow -ar, --addrm ip // Remove an IP from /etc/csf.allow and delete rule -d, --deny ip // Deny an IP and add to /etc/csf.deny -dr, --denyrm ip // Unblock an IP and remove from /etc/csf.deny -df, --denyf // Remove and unblock all entries in /etc/csf.deny -g, --grep ip // Search the iptables rules for an IP match (incl. CIDR) -t, --temp // Displays the current list of temp IP entries and their TTL -tr, --temprm ip // Remove an IPs from the temp IP ban and allow list -tf, --tempf // Flush all IPs from the temp IP entries -cp, --cping // PING all members in an lfd Cluster -cd, --cdeny ip // Deny an IP in a Cluster and add to /etc/csf.deny -ca, --callow ip // Allow an IP in a Cluster and add to /etc/csf.allow -cr, --crm ip // Unblock an IP in a Cluster and remove from /etc/csf.deny -cf, --cfile [file] // Send [file] in a Cluster to /etc/csf/ -crs, --crestart // Cluster restart csf and lfd -w, --watch ip // Log SYN packets for an IP across iptables chains -m, --mail [addr] // Display Server Check in HTML or email to [addr] if present -lr, --logrun // Initiate Log Scanner report via lfd -c, --check // Check for updates to csf but do not upgrade -u, --update // Check for updates to csf and upgrade if available -uf // Force an update of csf -x, --disable // Disable csf and lfd -e, --enable // Enable csf and lfd if previously disabled -v, --version // Show csf version
