CSF Advanced Allow/Deny Filters
In /etc/csf.allow and /etc/csf.deny you can add more complex port and ip filters using the following format (you must specify a port AND an IP address):
tcp/udp|in/out|s/d=port|s/d=ip|u=uid
Broken down:
tcp/udp : EITHER tcp OR udp OR icmp protocol
in/out : EITHER incoming OR outgoing connections
s/d=port : EITHER source OR destination port number (or ICMP type)
(use a _ for a port range, e.g. 2000_3000)
s/d=ip : EITHER source OR destination IP address
u/g=UID : EITHER UID or GID of source packet, implies outgoing connections, s/d=IP value is ignored
in/out : EITHER incoming OR outgoing connections
s/d=port : EITHER source OR destination port number (or ICMP type)
(use a _ for a port range, e.g. 2000_3000)
s/d=ip : EITHER source OR destination IP address
u/g=UID : EITHER UID or GID of source packet, implies outgoing connections, s/d=IP value is ignored
Note: ICMP filtering uses the “port” for s/d=port to set the ICMP type. Whether you use s or d is not relevant as either simply uses the iptables –icmp-type option. Use “iptables -p icmp -h” for a list of valid ICMP types. Only one type per filter is supported
Examples:
# TCP connections inbound to port 3306 from IP 11.22.33.44
tcp|in|d=3306|s=11.22.33.44
tcp|in|d=3306|s=11.22.33.44
# TCP connections outbound to port 22 on IP 11.22.33.44
tcp|out|d=22|d=11.22.33.44
tcp|out|d=22|d=11.22.33.44