Operation and MaintenanceLinux Operation and MaintenanceHow to add custom iptables rules using CSF
CSF (configserver firewall) is an iptables-based firewall that provides a simpler way to implement iptables rules. Sometimes we need to add some specific rules (for example, IPtables rules not covered by CSF) to add CSF. If we add these rules using the iptables command directly from the shell, they will be removed the next time CSF restarts.
After installing the CSF firewall on Linux, this article will introduce how to use CSF to add custom iptables rules.
CSF provides pre- and post-scripts that execute before or after CSF rules are set. For example, if you want to open port 3306 (default mysql) to a specific IP, you can add the following rules before or after the script
csfpre.sh: Run external command before csf configures iptables
csfpost.sh: Run external commands after csf configures iptables
Before CSF rules
Create a file /etc/csf/csfpre.sh and add iptables rules, Want to enforce these rules before csf applies its own rules.
iptables -I INPUT -s1.2.3.4-p tcp -m state --state NEW -m tcp --dport3306-j ACCEPT
After the CSF rules
Create a file /etc/csf/csfpost.sh and add iptables rules, hopefully after csf will add its own rules to the firewall Apply these rules.
iptables -I INPUT -s1.2.3.4-p tcp -m state --state NEW -m tcp --dport3306-j ACCEPT
Restart CSF
To restart CSF, just enter the command below and see the results. CSF produces a large amount of output, so it may not be possible to see the entire output in one script, so more commands can also be added to see the page results.
# csf -r | more
See some parts of the output below
... ... Deleting chain `LOCALOUTPUT' Deleting chain `LOGDROPIN' Deleting chain `LOGDROPOUT'Running /etc/csf/csfpre.shDROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:67 DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:67 ... ... ... ACCEPT tcp opt -- in * out !lo 0.0.0.0/0 -> 8.8.8.8 tcp dpt:53 LOCALOUTPUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 LOCALINPUT all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 LOCALOUTPUT all opt in * out !lo ::/0 -> ::/0 LOCALINPUT all opt in !lo out * ::/0 -> ::/0Running /etc/csf/csfpost.sh
This article has ended here. For more other exciting content, you can pay attention to the linux tutorial video## on the PHP Chinese website. #column!
The above is the detailed content of How to add custom iptables rules using CSF. For more information, please follow other related articles on the PHP Chinese website!
Tutorial on finding keywords for common Linux commandsMar 05, 2025 am 11:45 AMThis tutorial demonstrates efficient keyword searching in Linux using the grep command family and related tools. It covers basic and advanced techniques, including regular expressions, recursive searches, and combining commands like awk, sed, and xa
Work content of Linux operation and maintenance engineers What does Linux operation and maintenance engineers do?Mar 05, 2025 am 11:37 AMThis article details the multifaceted role of a Linux system administrator, encompassing system maintenance, troubleshooting, security, and collaboration. It highlights essential technical and soft skills, salary expectations, and diverse career pr
How do I configure SELinux or AppArmor to enhance security in Linux?Mar 12, 2025 pm 06:59 PMThis article compares SELinux and AppArmor, Linux kernel security modules providing mandatory access control. It details their configuration, highlighting the differences in approach (policy-based vs. profile-based) and potential performance impacts
How do I back up and restore a Linux system?Mar 12, 2025 pm 07:01 PMThis article details Linux system backup and restoration methods. It compares full system image backups with incremental backups, discusses optimal backup strategies (regularity, multiple locations, versioning, testing, security, rotation), and da
How do I use regular expressions (regex) in Linux for pattern matching?Mar 17, 2025 pm 05:25 PMThe article explains how to use regular expressions (regex) in Linux for pattern matching, file searching, and text manipulation, detailing syntax, commands, and tools like grep, sed, and awk.
How do I monitor system performance in Linux using tools like top, htop, and vmstat?Mar 17, 2025 pm 05:28 PMThe article discusses using top, htop, and vmstat for monitoring Linux system performance, detailing their unique features and customization options for effective system management.
How do I implement two-factor authentication (2FA) for SSH in Linux?Mar 17, 2025 pm 05:31 PMThe article provides a guide on setting up two-factor authentication (2FA) for SSH on Linux using Google Authenticator, detailing installation, configuration, and troubleshooting steps. It highlights the security benefits of 2FA, such as enhanced sec
Methods for uploading files for common Linux commandsMar 05, 2025 am 11:42 AMThis article compares Linux commands (scp, sftp, rsync, ftp) for uploading files. It emphasizes security (favoring SSH-based methods) and efficiency, highlighting rsync's delta transfer capabilities for large files. The choice depends on file size,
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
SublimeText3 Linux new version
SublimeText3 Linux latest version
Notepad++7.3.1
Easy-to-use and free code editor
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
Dreamweaver CS6
Visual web development tools
