How to add custom iptables rules using CSF

不言
2019-03-21 17:40:14

CSF (ConfigServer Firewall) is an iptables-based firewall that provides a simpler way to implement iptables rules. Sometimes we need to add specific rules of our own (for example, iptables rules not covered by CSF) alongside CSF's. If we add these rules using the iptables command directly from the shell, they will be removed the next time CSF restarts.

This article explains how to add custom iptables rules through CSF once the CSF firewall is installed on Linux.

CSF provides pre- and post-scripts that execute before or after the CSF rules are set. For example, if you want to open port 3306 (the MySQL default) to a specific IP, you can add the rule below to the pre- or post-script:

csfpre.sh: Runs external commands before csf configures iptables

csfpost.sh: Runs external commands after csf configures iptables

Before CSF rules

Create the file /etc/csf/csfpre.sh and add the iptables rules that you want applied before csf applies its own rules.

iptables -I INPUT -s 1.2.3.4 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT

After the CSF rules

Create the file /etc/csf/csfpost.sh and add the iptables rules that you want applied after csf has added its own rules to the firewall.

iptables -I INPUT -s 1.2.3.4 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT

Restart CSF

To restart CSF, just enter the command below and look at the results. CSF produces a large amount of output, so it may not fit on one screen; piping it through the more command lets you page through the results.

# csf -r | more

Parts of the output are shown below:

...
...
Deleting chain `LOCALOUTPUT'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Running /etc/csf/csfpre.sh
DROP  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:67
DROP  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  udp dpt:67
...
...
...
ACCEPT  tcp opt -- in * out !lo  0.0.0.0/0  -> 8.8.8.8  tcp dpt:53
LOCALOUTPUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0
LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0
Running /etc/csf/csfpost.sh
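
A fuller version of the hook script described above, as an added example that is not from the original article: it wraps the MySQL rule in a helper that refuses an empty or catch-all source and an out-of-range port before calling iptables. The names allow_tcp_from, IPTABLES and CSF_DRY_RUN are assumptions of this example, not CSF settings.

```shell
#!/bin/sh
# Added example for /etc/csf/csfpost.sh (or csfpre.sh); not from the article.
# IPTABLES and CSF_DRY_RUN are assumptions of this example, not CSF settings.
IPTABLES="${IPTABLES:-iptables}"

# allow_tcp_from SRC PORT
# Accept new TCP connections to PORT from one IPv4 address or CIDR block.
# Returns 2 and adds nothing when the input would open the port too widely.
allow_tcp_from() {
    src=$1
    port=$2

    # Port: digits only, at most five of them, in 1..65535.
    case $port in
        ''|*[!0-9]*|??????*)
            echo "custom rule: bad port '$port'" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "custom rule: port out of range '$port'" >&2; return 2
    fi

    # Source: IPv4 or IPv4/prefix characters only; refuse empty, /0, 0.0.0.0.
    case $src in
        ''|*[!0-9./]*|*/0|0.0.0.0*)
            echo "custom rule: refusing source '$src'" >&2; return 2 ;;
    esac

    # Same match as the article's rule, with the two values filled in.
    set -- INPUT -s "$src" -p tcp -m state --state NEW \
        -m tcp --dport "$port" -j ACCEPT

    if [ -n "${CSF_DRY_RUN:-}" ]; then
        echo "$IPTABLES -I $*"      # show the command, change nothing
        return 0
    fi
    # -C succeeds if an identical rule exists, so a re-run adds no duplicate.
    "$IPTABLES" -C "$@" 2>/dev/null || "$IPTABLES" -I "$@"
}

# Apply the rule only when CSF runs this file as one of its hook scripts.
case $0 in
    */csfpre.sh|*/csfpost.sh) allow_tcp_from 1.2.3.4 3306 ;;
esac
```

Because -I INPUT inserts at the top of the chain, a rule added from csfpost.sh is evaluated ahead of the rules CSF has just loaded, so keep the source as narrow as possible.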
