basic csf commands


ConfigServer Security & Firewall (csf)

A Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.

The basic commands include Restarting ServicesAllowing IP’sBlocking IP’s, and Unblocking IP’s, among others. After explaining what the command does, we will show you an example of the CSF Command.

Service Control Commands

Service CSF commands:

Here is a breakdown of the the csf service commands:

service csf [start|stop|restart]
root@server [~]# service csf restart

IPtables Commands:

The iptables may also need to be restarted for ‘hung’ rules. If you ever need to restart iptables, make sure you restart CSF afterwards to apply the firewall rules. Below is a breakdown of iptables commands:

iptables {start|stop|restart|condrestart|status|panic|save}
root@server [~]# iptables restart

CSF Commands

Block an IP address (permanently):

csf -d


root@server [~]# csf -d

Block an IP address (temporarily):

csf -td $ip $duration (duration is how long to block for (default:seconds, can use one suffix of h/m/d)


root@server [~]# csf -td 3600

Allow an IP Address:

csf -a $ip


root@server [~]# csf -a

Unblock an IP (permanent block):

csf -dr $ip


root@server [~]# csf -dr 3600

List temporary blocked IPs and block durations:

root@server [~]# csf -t

Remove all temporary IP blocks:

csf -tf

Log all SYN packets from an IP:

csf -w $ip

Congratulations, now you are familiar with the basic CSF commands for Restarting ServicesAllowing IP’sBlocking IP’s, and Unblocking IP’s, among others!


How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 3

No votes so far! Be the first to rate this post.

Scroll to Top