macmladen · January 30, 2025 03:32 · Jun 18, 2015 · Jun 18, 2015 · Jun 18, 2015 · Jan 12, 2015
diff --git a/IPtables and csf.md b/IPtables and csf.md
@@ -2,7 +2,7 @@
 
 23 Jan 2012
 
-Cheat sheet
+## Cheat sheet
 
 Command                         | Description 
 --------------------------------|--------------

diff --git a/IPtables and csf.md b/IPtables and csf.md
@@ -5,7 +5,7 @@
 Cheat sheet
 
 Command                         | Description 
-----------------------------------------------
+--------------------------------|--------------
 csf -s                          | Start the firewall rules 
 csf -f                          | Flush/Stop firewall rules (note: lfd may restart csf)
 csf -r                          | Restart the firewall rules 

diff --git a/IPtables and csf.md b/IPtables and csf.md
@@ -2,6 +2,22 @@
 
 23 Jan 2012
 
+Cheat sheet
+
+Command                         | Description 
+----------------------------------------------
+csf -s                          | Start the firewall rules 
+csf -f                          | Flush/Stop firewall rules (note: lfd may restart csf)
+csf -r                          | Restart the firewall rules 
+csf -a [IP.add.re.ss] [comment] | Allow an IP and add to /etc/csf/csf.allow
+csf -tr [IP.add.re.ss]          | Remove an IP from the temporary IP ban or allow list.
+csf -tf                         | Flush all IPs from the temporary IP entries
+csf -d [IP.add.re.ss] [comment] | Deny an IP and add to /etc/csf/csf.deny 
+csf -dr [IP.add.re.ss]          | Unblock an IP and remove from /etc/csf/csf.deny 
+csf -df                         | Remove and unblock all entries in /etc/csf/csf.deny 
+csf -g [IP.add.re.ss]           | Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number) 
+csf -t                          |  Displays the current list of temporary allow and deny IP entries with their TTL and comment 
+
 How to block an IP using iptables?
 
 `$ iptables -A INPUT -s xx.xx.xx.xx -j DROP`

diff --git a/IPtables and csf.md b/IPtables and csf.md
@@ -88,9 +88,7 @@ Finally, make sure you save the firewall. Under CentOS / Fedora / RHEL / Redhat
 
 `$ service iptables save`
 
-## Configserver Firewall & Security (CSF/LFD)
-
-Source: https://raymii.org/s/articles/Configserver_Firewall_and_Security_CSF_LFD.html
+## [Configserver Firewall & Security (CSF/LFD)](https://raymii.org/s/articles/Configserver_Firewall_and_Security_CSF_LFD.html)
 
 ### csf command line tips
 

diff --git a/IPtables and csf.md b/IPtables and csf.md
@@ -87,3 +87,102 @@ iptables -D spamlist -s 202.54.1.2/29 -d 0/0 -j DROP
 Finally, make sure you save the firewall. Under CentOS / Fedora / RHEL / Redhat Linux type the following command:
 
 `$ service iptables save`
+
+## Configserver Firewall & Security (CSF/LFD)
+
+Source: https://raymii.org/s/articles/Configserver_Firewall_and_Security_CSF_LFD.html
+
+### csf command line tips
+
+Block an IP from the server
+
+```
+csf -d 192.168.1.2 
+csf -d 192.168.0/24
+```
+
+Remove an IP from the blocklist
+
+```
+csf -dr 192.168.1.2 
+```
+
+Allow an IP
+
+```
+csf -a 172.16.20.1
+```
+
+Do note that when you allow an IP, it will still be blocked by lfd if it starts brute forcing. See below, "Don't block IP addresses from the allow list with lfd" to see how to disable it.
+
+Search for an IP:
+
+```
+csf -g 192.168.1.2
+```
+
+View Ports listening for external connections and the executables running behind them
+
+```
+csf -p
+```
+
+Disable csf and lfd
+
+```
+csf -x
+```
+
+Enable csf and lfd
+
+```
+csf -e
+```
+
+Restart csf
+
+```
+csf -r
+```
+
+Mail yourself a general security check of the server
+
+```
+csf -m [email protected]
+```
+
+### Advanced filters
+
+These can be placed in either csf.allow or csf.deny.
+
+Allow connections over port 443 to a range of IP addresses:
+
+```
+tcp|out|d=443|d=12.34.56.78/27 # csf.allow
+```
+
+Allow SSH from one IP:
+
+```
+tcp|in|d=22|s=23.45.67.88 # csf.allow
+```
+
+Block traffic to port 80 from a specific range:
+
+```
+tcp|out|d=80|d=12.34.56.78/24 #csf.deny
+```
+
+The syntax for the advanced rules:
+
+```
+tcp/udp|in/out|s/d=port|s/d=ip|u=uid
+
+tcp/udp  : EITHER tcp OR udp OR icmp protocol
+in/out   : EITHER incoming OR outgoing connections
+s/d=port : EITHER source OR destination port number (or ICMP type)
+           (use a _ for a port range, e.g. 2000_3000)
+s/d=ip   : EITHER source OR destination IP address
+u/g=UID  : EITHER UID or GID of source packet, implies outgoing connections,
+           s/d=IP value is ignored
+```
diff --git a/IPtables and csf.md b/IPtables and csf.md
@@ -26,8 +26,8 @@ How to block a scanner on your server for example “w00tw00t.at.ISC.SANS” usi
 
 ## [Iptables: Unblock / Delete an IP Address Listed in IPtables Tables](http://www.cyberciti.biz/faq/iptables-delete-ip-address-subnet-from-linux-firewall/)
 
-by nixcraft on january 23, 2009 
-last updated february 15, 2011 
+by nixcraft on january 23, 2009  
+last updated february 15, 2011  
 in bash shell, centos, debian / ubuntu
 
 I am a brand new user of a Linux iptables and I can't find how to instruct my iptables to delete or unblock an IP address listed in iptables firewall. I'm using Debian Linux version. Can you help please?

diff --git a/IPtables and csf.md b/IPtables and csf.md
@@ -26,8 +26,8 @@ How to block a scanner on your server for example “w00tw00t.at.ISC.SANS” usi
 
 ## [Iptables: Unblock / Delete an IP Address Listed in IPtables Tables](http://www.cyberciti.biz/faq/iptables-delete-ip-address-subnet-from-linux-firewall/)
 
-by nixcraft on january 23, 2009
-last updated february 15, 2011
+by nixcraft on january 23, 2009 
+last updated february 15, 2011 
 in bash shell, centos, debian / ubuntu
 
 I am a brand new user of a Linux iptables and I can't find how to instruct my iptables to delete or unblock an IP address listed in iptables firewall. I'm using Debian Linux version. Can you help please?

diff --git a/IPtables and csf.md b/IPtables and csf.md
@@ -26,9 +26,9 @@ How to block a scanner on your server for example “w00tw00t.at.ISC.SANS” usi
 
 ## [Iptables: Unblock / Delete an IP Address Listed in IPtables Tables](http://www.cyberciti.biz/faq/iptables-delete-ip-address-subnet-from-linux-firewall/)
 
-by NIXCRAFT on JANUARY 23, 2009
-LAST UPDATED FEBRUARY 15, 2011
-in BASH SHELL, CENTOS, DEBIAN / UBUNTU
+by nixcraft on january 23, 2009
+last updated february 15, 2011
+in bash shell, centos, debian / ubuntu
 
 I am a brand new user of a Linux iptables and I can't find how to instruct my iptables to delete or unblock an IP address listed in iptables firewall. I'm using Debian Linux version. Can you help please?
 
@@ -85,4 +85,5 @@ iptables -D spamlist -s 202.54.1.2/29 -d 0/0 -j DROP
 ```
 
 Finally, make sure you save the firewall. Under CentOS / Fedora / RHEL / Redhat Linux type the following command:
+
 `$ service iptables save`
diff --git a/lll → IPtables and csf.md b/lll → IPtables and csf.md
diff --git a/iptables and csf → lll b/iptables and csf → lll
diff --git a/iptables and csf b/iptables and csf
@@ -0,0 +1,88 @@
+## [Quick How-To deny/allow IP using iptables](http://safesrv.net/quick-how-to-denyallow-ip-using-iptables/)
+
+23 Jan 2012
+
+How to block an IP using iptables?
+
+`$ iptables -A INPUT -s xx.xx.xx.xx -j DROP`
+
+How to block an IP for a specific port:
+
+`$ iptables -A INPUT -p tcp -s xx.xx.xx.xx --dport PORT -j DROP`
+
+How to allow access to an IP?
+
+`$ iptables -A INPUT -s xx.xx.xx.xx -j ACCEPT`
+
+How to allow access to an IP to a specific port using iptables?
+
+`$ iptables -A INPUT -p tcp -s xx.xx.xx.xx --dport PORT -j ACCEPT`
+
+where, xx.xx.xx.xx is the remote IP address and PORT is the port number you wish to allow/deny access to.
+
+How to block a scanner on your server for example “w00tw00t.at.ISC.SANS” using iptables?
+
+`$ iptables -I INPUT -p tcp --dport 80 -m string --algo bm  --string 'GET /w00tw00t.at.ISC.SANS.' -j DROP`
+
+## [Iptables: Unblock / Delete an IP Address Listed in IPtables Tables](http://www.cyberciti.biz/faq/iptables-delete-ip-address-subnet-from-linux-firewall/)
+
+by NIXCRAFT on JANUARY 23, 2009
+LAST UPDATED FEBRUARY 15, 2011
+in BASH SHELL, CENTOS, DEBIAN / UBUNTU
+
+I am a brand new user of a Linux iptables and I can't find how to instruct my iptables to delete or unblock an IP address listed in iptables firewall. I'm using Debian Linux version. Can you help please?
+
+Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. You can delete one or more rules from the selected chain. There are two versions of this command: the rule can be specified as a number in the chain (starting at 1 for the first rule) or a rule to match.
+
+List existing chains
+
+```
+Type the following command to list current IPs in tables:
+iptables -L -n
+iptables -L -n -v
+iptables -L chain-name -n -v
+iptables -L spamips -n -v
+```
+
+List existing chains with line number
+
+```
+To display line number along with other information, enter:
+iptables -L INPUT -n --line-numbers
+iptables -L OUTPUT -n --line-numbers
+iptables -L OUTPUT -n --line-numbers | less
+iptables -L spamips -n -v --line-numbers
+iptables -L spamips -n -v --line-numbers | grep 202.54.1.2
+```
+
+```
+Chain droplist (3 references)
+num   pkts bytes target     prot opt in     out     source               destination
+1        0     0 LOG        0    --  *      *       116.199.128.0/19     0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
+2        0     0 DROP       0    --  *      *       116.199.128.0/19     0.0.0.0/0
+3        0     0 LOG        0    --  *      *       116.50.8.0/21        0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
+4        0     0 DROP       0    --  *      *       116.50.8.0/21        0.0.0.0/0
+5        0     0 LOG        0    --  *      *       128.199.0.0/16       0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
+6        0     0 DROP       0    --  *      *       128.199.0.0/16       0.0.0.0/0
+7        0     0 LOG        0    --  *      *       132.232.0.0/16       0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
+8        0     0 DROP       0    --  *      *       132.232.0.0/16       0.0.0.0/0
+9      342 23317 LOG        0    --  *      *       134.175.0.0/16       0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
+10     342 23317 DROP       0    --  *      *       134.175.0.0/16       0.0.0.0/0
+11       0     0 LOG        0    --  *      *       134.33.0.0/16        0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DR
+```
+
+You will get the list of all blocked IP. Look at the number on the left, then use number to delete it. For example delete line number 10 (subner 134.175.0.0/16), enter:
+
+`$ iptables -D INPUT 10`
+
+You can also use the following syntax to delete / unblock an IP use the following syntax:
+
+```
+iptables -D INPUT -s xx.xxx.xx.xx -j DROP
+iptables -D INPUT -s xx.xxx.xx.xx/yy -j DROP
+iptables -D spamlist -s 202.54.1.2 -d 0/0 -j DROP
+iptables -D spamlist -s 202.54.1.2/29 -d 0/0 -j DROP
+```
+
+Finally, make sure you save the firewall. Under CentOS / Fedora / RHEL / Redhat Linux type the following command:
+`$ service iptables save`