How to Block IP on Ubuntu 22.04 using CSF


Introduction:

The ConfigServer Firewall (CSF) is a firewall application for Linux servers that controls network traffic, blocks suspicious IP addresses, and provides real-time alerts about threats.

Installation Steps:

Step 1: Check the OS version by using the below command

root@linuxhelp:~# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.2 LTS
Release:	22.04
Codename:	jammy

Step 2: Check the status of CSF and LFD by using the below command

root@linuxhelp:~# systemctl status csf lfd
● csf.service - ConfigServer Firewall & Security - csf
     Loaded: loaded (/lib/systemd/system/csf.service; enabled; vendor preset: enabled)
     Active: active (exited) since Mon 2023-06-26 04:07:30 IST; 35s ago
   Main PID: 31637 (code=exited, status=0/SUCCESS)
        CPU: 2.370s

Jun 26 04:07:30 linuxhelp csf[31637]: ACCEPT  all opt    in * out lo  ::/0  -> ::/0
Jun 26 04:07:30 linuxhelp csf[31637]: LOGDROPOUT  all opt    in * out !lo  ::/0  -> ::/0
Jun 26 04:07:30 linuxhelp csf[31637]: LOGDROPIN  all opt    in !lo out *  ::/0  -> ::/0
Jun 26 04:07:30 linuxhelp csf[31637]: csf: FASTSTART loading DNS (IPv4)
Jun 26 04:07:30 linuxhelp csf[31637]: csf: FASTSTART loading DNS (IPv6)
Jun 26 04:07:30 linuxhelp csf[31637]: LOCALOUTPUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
Jun 26 04:07:30 linuxhelp csf[31637]: LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
Jun 26 04:07:30 linuxhelp csf[31637]: LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0
Jun 26 04:07:30 linuxhelp csf[31637]: LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0
Jun 26 04:07:30 linuxhelp systemd[1]: Finished ConfigServer Firewall & Security - csf.

● lfd.service - ConfigServer Firewall & Security - lfd
     Loaded: loaded (/lib/systemd/system/lfd.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2023-06-26 04:07:31 IST; 34s ago
   Main PID: 31819 (lfd - sleeping)
      Tasks: 3 (limit: 4573)
     Memory: 228.9M
        CPU: 4.723s
     CGroup: /system.slice/lfd.service
             ├─31819 "lfd - sleeping"
             ├─31829 "lfd - (child) (PT) checking user processes"
             └─31831 /usr/sbin/sendmail -f root -t

Jun 26 04:07:30 linuxhelp systemd[1]: Starting ConfigServer Firewall & Security - lfd...
Jun 26 04:07:31 linuxhelp systemd[1]: Started ConfigServer Firewall & Security - lfd.
Jun 26 04:07:32 linuxhelp sendmail[31831]: My unqualified host name (linuxhelp) unknown; sleeping for ret>

Step 3: Open the csf.deny file in /etc/csf and enter the IP you want to block by using the below command

root@linuxhelp:~# vim /etc/csf/csf.deny
# See readme.txt for more information regarding advanced port filtering
#
192.168.6.120

Step 4: Reload the CSF by using the below command

root@linuxhelp:~# csf -r
Flushing chain `INPUT'
Deleting chain `LOCALOUTPUT'
csf: FASTSTART loading UDP6_OUT (IPv6)
ACCEPT  all opt -- in lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out lo  0.0.0.0/0  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
LOGDROPIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  all opt    in lo out *  ::/0  -> ::/0  
ACCEPT  all opt    in * out lo  ::/0  -> ::/0  
LOGDROPOUT  all opt    in * out !lo  ::/0  -> ::/0  
LOGDROPIN  all opt    in !lo out *  ::/0  -> ::/0  
csf: FASTSTART loading DNS (IPv4)
csf: FASTSTART loading DNS (IPv6)
LOCALOUTPUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0  
LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0  

*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.

Step 5: Restart CSF and LFD by using the below command

root@linuxhelp:~# systemctl restart csf lfd

Step 6: Another way to block an IP is by using the below command

root@linuxhelp:~# csf -d 192.168.6.123
Adding 192.168.6.123 to csf.deny and iptables DROP...
DROP  all opt -- in !lo out *  192.168.6.123  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.6.123  

Step 7: Reload the CSF by using the below command

root@linuxhelp:~# csf -r
Flushing chain `INPUT'
Deleting chain `ALLOWIN'
Flushing chain `OUTPUT'
Deleting chain `INVDROP'
LOCALOUTPUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0  
LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0  

*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.

Step 8: Restart CSF and LFD by using the below command

root@linuxhelp:~# systemctl restart csf lfd

Step 9: Check the csf.deny file, where the denied IPs are stored, by using the below command

root@linuxhelp:~# vim /etc/csf/csf.deny
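
The following pre-flight check for the blocking steps above is an added example, not part of the original tutorial. It validates the address and looks for an existing entry in csf.deny or a conflicting one in csf.allow before `csf -d` is run. The function names are hypothetical, and only plain IPv4 entries are handled.

```shell
#!/bin/sh
# Added example (not from the original tutorial): pre-flight check before
# blocking an address with CSF. Plain IPv4 entries only; CIDR ranges and
# advanced port-filter lines in csf.deny/csf.allow are not interpreted.

# Succeed if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if (length($i) < 1 || length($i) > 3 || $i + 0 > 255) exit 1 }'
}

# Succeed if file $2 has an entry whose first field is exactly address $1.
# Text after "#" is treated as a comment; blank lines are skipped.
has_entry() {
    [ -r "$2" ] || return 1
    awk -v ip="$1" '
        { sub(/#.*/, "") }
        ($1 "") == (ip "") { found = 1 }
        END { exit !found }' "$2"
}

# Print one verdict for address $1: invalid | allow-conflict | already-denied | ok
# $2 and $3 default to the csf.deny and csf.allow paths named on this page.
deny_precheck() {
    if ! is_ipv4 "$1"; then
        echo invalid
    elif has_entry "$1" "${3:-/etc/csf/csf.allow}"; then
        echo allow-conflict
    elif has_entry "$1" "${2:-/etc/csf/csf.deny}"; then
        echo already-denied
    else
        echo ok
    fi
}

# Stand-alone use (as root): sh deny_precheck.sh 192.168.6.123
# Runs "csf -d" from Step 6 only when the verdict is ok.
if [ "$#" -ge 1 ]; then
    verdict=$(deny_precheck "$1")
    echo "$1: $verdict"
    if [ "$verdict" = ok ]; then csf -d "$1"; fi
fi
```

A verdict of allow-conflict means the same address is listed in csf.allow and should be reviewed there before a block is added.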

Conclusion:

This concludes the tutorial on how to block an IP on Ubuntu 22.04 using CSF.

FAQ

Q: What is the command to start CSF?
A: The start command is csf -s

Q: Where is the allow file located?
A: /etc/csf/csf.allow

Q: What is the command to reload CSF?
A: The reload command is csf -r

Q: Where is the deny file located?
A: /etc/csf/csf.deny

Q: What is the command to deny an IP in CSF?
A: csf -d