IP block in csf. How to find?
The CSF will block external IPs (Inbound connections) for any Brute force attack or something like that (Multiple login failure, hacking attempts etc) found on the server. We can find out all details regarding the IP block from the ‘lfd’ log. The reason for IP block, exact time etc will be explained in the log file.
CSF commands for Unix/Linux servers
Config Server Firewall is abbreviated as CSF. CSf is the most commonly using firewall application to secure Linux servers.
CSF has wide range of options to manage Linux firewall via comman-line and from the control panel. The csf installation includes preconfigured configurations and control panel UI’s for cPanel, DirectAdmin and Webmin.
CSF log file details
All the details related with the CSF and LFD is logged in a file under “/var/log“. The log file for CSF&LFD is:
" /var/log/lfd.log "
This post was published on Sep, 2018. Verified with new versions and updated. In case of any issues, please comment. Our team will reply or update the post as soon as possible.
How to find the blacklisted status in CSF ?
There are three different ways to find out the details:
Method I: From WHM
Login to your WHM control panel and search the “ConfigServer Security & Firewall” from the search tool bar which is located left side of the WHM menu. Then use the Search for IP tool to findout the details of IP block on the server.
You can unblock the IP address from the output itself. See the attachment for more tips.
Command line options
Method II: You can use the switch ‘g’ along with the csf command.
How to use it?
Step 1: SSH to your server as root user.
Step 2: Run the below pasted command.
[root@server ] csf -g IP-Address
Click here for more CSF commands for Unix/Linux servers.
Example
1. Search the details of IP address 1.1.1.1 on your server by using the command csf.
[root@server ] csf -g 1.1.1.1
Chain num pkts bytes target prot opt in out source destination
No matches found for 1.1.1.1 in iptables
2. Search after blocking the IP address 2.2.2.2 on your server.
2.1 csf -d : to block IP address
[root@server ] csf -d 2.2.2.2
Adding 2.2.2.2 to csf.deny and iptables DROP...
DROP all opt -- in !lo out * 2.2.2.2 -> 0.0.0.0/0
DROP all opt -- in * out !lo 0.0.0.0/0 -> 2.2.2.2
2.2 csf -g : to find details
[root@server ] csf -g 2.2.2.2
------
Chain num pkts bytes target prot opt in out source destination
DENYIN 26 0 0 DROP all -- !lo * 2.2.2.2 0.0.0.0/0
DENYOUT 26 0 0 DROP all -- * !lo 0.0.0.0/0 2.2.2.2
csf.deny: 2.2.2.2 # Manually denied - Tue Dec 24 14:35:43 2013
-------
Method III: Grep the IP Address details from the log file “/var/log/lfd.log“
[root@server ] grep 'IP-Address' /var/log/lfd.log
That’s it.
Related documents
- Install and configure csf on CentOS
- CSF commands for Unix/Linux servers
- Process tracking with the help of csf
- How to disable Lfd excessive resource usage alert
- How to block countries from server by using csf
If you are interested in new technologies please read about how Prometheus helps on monitoring. All these docs are under this category, Prometheus.
How to use csf -f command? where to paste?
Right questions..! The switch “-f” is for flushing out all rules from all chains of CSF. This is like the ‘iptables’ command “iptables -F”.
Please see the sample output:
——–
[root@support csf]# csf -f
Flushing chain `INPUT’
Flushing chain `FORWARD’
Flushing chain `OUTPUT’
Flushing chain `ALLOWIN’
Flushing chain `ALLOWOUT’
Flushing chain `DENYIN’
Flushing chain `DENYOUT’
Flushing chain `INVALID’
Flushing chain `INVDROP’
Flushing chain `LOCALINPUT’
Flushing chain `LOCALOUTPUT’
Flushing chain `LOGDROPIN’
….>
….>
——–
Note, after restarting CSF, it will goes back to normal state.
CSF commands
its nice article
I want to know if ip whitelist in csf how to deny ip whiteliste how to to block ip
I want to know
Thanks
Thanks…It was helpful..!
Most welcome, Sharon!