CSF shell command

For those who have the CSF firewall in their cPanel. Here is some command to manage it in shell and not by WHM 🙂

-h, –help
Show this message

-l, –status
List/Show iptables configuration

-l6, –status6
List/Show ip6tables configuration

-s, –start
Start firewall rules

-f, –stop
Flush/Stop firewall rules (Note: lfd may restart csf)

-r, –restart
Restart firewall rules

-q, –startq
Quick restart (csf restarted by lfd)

-sf, –startf
Force CLI restart regardless of LF_QUICKSTART setting

-a, –add ip
Allow an IP and add to /etc/csf.allow

-ar, –addrm ip
Remove an IP from /etc/csf.allow and delete rule

-d, –deny ip
Deny an IP and add to /etc/csf.deny

-dr, –denyrm ip
Unblock an IP and remove from /etc/csf.deny

-df, –denyf
Remove and unblock all entries in /etc/csf.deny

-g, –grep ip
Search the iptables rules for an IP match (incl. CIDR)

-t, –temp
Displays the current list of temp IP entries and their TTL

-tr, –temprm ip
Remove an IPs from the temp IP ban and allow list

-td, –tempdeny ip ttl [-p port] [-d direction]
Add an IP to the temp IP ban list. ttl is how long to blocks for (default:seconds, can use one suffix of h/m/d).
Optional port. Optional direction of block can be one of: in, out or inout (default:in)

-ta, –tempallow ip ttl [-p port] [-d direction]
Add an IP to the temp IP allow list (default:inout)

-tf, –tempf
Flush all IPs from the temp IP entries

-cp, –cping
PING all members in an lfd Cluster

-cd, –cdeny ip
Deny an IP in a Cluster and add to /etc/csf.deny

-ca, –callow ip
Allow an IP in a Cluster and add to /etc/csf.allow

-cr, –crm ip
Unblock an IP in a Cluster and remove from /etc/csf.deny

-cc, –cconfig [name] [value]
Change configuration option [name] to [value] in a Cluster

-cf, –cfile [file]
Send [file] in a Cluster to /etc/csf/

-crs, –crestart
Cluster restart csf and lfd

-w, –watch ip
Log SYN packets for an IP across iptables chains

-m, –mail [addr]
Display Server Check in HTML or email to [addr] if present

-c, –check
Check for updates to csf but do not upgrade

-u, –update
Check for updates to csf and upgrade if available

-uf
Force an update of csf

-x, –disable
Disable csf and lfd

-e, –enable
Enable csf and lfd if previously disabled

-v, –version
Show csf version