Tuesday, October 29, 2013

Csf tutorial

CSF Advanced Allow/Deny Filters
In /etc/csf.allow and /etc/csf.deny you can add more complex port and ip filters using the following format (you must specify a port AND an IP address):
Broken down:
tcp/udp : EITHER tcp OR udp OR icmp protocol
in/out : EITHER incoming OR outgoing connections
s/d=port : EITHER source OR destination port number (or ICMP type)
(use a _ for a port range, e.g. 2000_3000)
s/d=ip : EITHER source OR destination IP address
u/g=UID : EITHER UID or GID of source packet, implies outgoing connections, s/d=IP value is ignored
Note: ICMP filtering uses the “port” for s/d=port to set the ICMP type. Whether you use s or d is not relevant as either simply uses the iptables –icmp-type option. Use “iptables -p icmp -h” for a list of valid ICMP types. Only one type per filter is supported
# TCP connections inbound to port 3306 from IP
# TCP connections outbound to port 22 on IP