Tutorial News Comments FAQ Related Articles

How to Block IP on Ubuntu 22.04 using CSF

To Block IP On Ubuntu 22.04 Using CSF

Introduction :

The Configuration Server Firewall (CSF) is a firewall software application for Linux servers that controls network traffic, blocks suspicious IP addresses, and receives real-time alerts regarding threats.

Installation Steps:

Step 1: Check the OS version by using the below command

root@linuxhelp:~# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.2 LTS
Release:	22.04
Codename:	jammy

Step 2: Check the status of the CSF and IFD by using the below command

root@linuxhelp:~# systemctl status csf lfd
● csf.service - ConfigServer Firewall & Security - csf
     Loaded: loaded (/lib/systemd/system/csf.service; enabled; vendor preset: enabled)
     Active: active (exited) since Mon 2023-06-26 04:07:30 IST; 35s ago
   Main PID: 31637 (code=exited, status=0/SUCCESS)
        CPU: 2.370s

Jun 26 04:07:30 linuxhelp csf[31637]: ACCEPT  all opt    in * out lo  ::/0  -> ::/0
Jun 26 04:07:30 linuxhelp csf[31637]: LOGDROPOUT  all opt    in * out !lo  ::/0  -> ::/0
Jun 26 04:07:30 linuxhelp csf[31637]: LOGDROPIN  all opt    in !lo out *  ::/0  -> ::/0
Jun 26 04:07:30 linuxhelp csf[31637]: csf: FASTSTART loading DNS (IPv4)
Jun 26 04:07:30 linuxhelp csf[31637]: csf: FASTSTART loading DNS (IPv6)
Jun 26 04:07:30 linuxhelp csf[31637]: LOCALOUTPUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
Jun 26 04:07:30 linuxhelp csf[31637]: LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
Jun 26 04:07:30 linuxhelp csf[31637]: LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0
Jun 26 04:07:30 linuxhelp csf[31637]: LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0
Jun 26 04:07:30 linuxhelp systemd[1]: Finished ConfigServer Firewall & Security - csf.

● lfd.service - ConfigServer Firewall & Security - lfd
     Loaded: loaded (/lib/systemd/system/lfd.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2023-06-26 04:07:31 IST; 34s ago
   Main PID: 31819 (lfd - sleeping)
      Tasks: 3 (limit: 4573)
     Memory: 228.9M
        CPU: 4.723s
     CGroup: /system.slice/lfd.service
             ├─31819 "lfd - sleeping"
             ├─31829 "lfd - (child) (PT) checking user processes"
             └─31831 /usr/sbin/sendmail -f root -t

Jun 26 04:07:30 linuxhelp systemd[1]: Starting ConfigServer Firewall & Security - lfd...
Jun 26 04:07:31 linuxhelp systemd[1]: Started ConfigServer Firewall & Security - lfd.
Jun 26 04:07:32 linuxhelp sendmail[31831]: My unqualified host name (linuxhelp) unknown; sleeping for ret>

Step 3: Go the csf.deny file in /etc/csf and enter the ip you want to block by using the below command

root@linuxhelp:~# vim /etc/csf/csf.deny
# See readme.txt for more information regarding advanced port filtering
#
192.168.6.120

Step 4: Reload the CSF by using the below command

root@linuxhelp:~# csf -r
Flushing chain `INPUT'
Deleting chain `LOCALOUTPUT'
csf: FASTSTART loading UDP6_OUT (IPv6)
ACCEPT  all opt -- in lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out lo  0.0.0.0/0  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
LOGDROPIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  all opt    in lo out *  ::/0  -> ::/0  
ACCEPT  all opt    in * out lo  ::/0  -> ::/0  
LOGDROPOUT  all opt    in * out !lo  ::/0  -> ::/0  
LOGDROPIN  all opt    in !lo out *  ::/0  -> ::/0  
csf: FASTSTART loading DNS (IPv4)
csf: FASTSTART loading DNS (IPv6)
LOCALOUTPUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0  
LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0  

*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.

Step 5: Restart CSF and IFD by using the below command

root@linuxhelp:~# systemctl restart csf lfd

Step 6 : Another way to block IP by using the below command

root@linuxhelp:~# csf -d 192.168.6.123
Adding 192.168.6.123 to csf.deny and iptables DROP...
DROP  all opt -- in !lo out *  192.168.6.123  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.6.123

Step 7: Reload the CSF by using the below command

root@linuxhelp:~# csf -r
Flushing chain `INPUT'
Deleting chain `ALLOWIN'
Flushing chain `OUTPUT'
Deleting chain `INVDROP'
LOCALOUTPUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0  
LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0  

*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.

Step 8: Restart the CSF and IFD by using the below command

 root@linuxhelp:~# systemctl restart csf lfd

Step 9: Check the csf.deny file where the deny ip’s are stored by using the below command

root@linuxhelp:~# vim /etc/csf/csf.deny

Conclusion:

By this how to block IP on Ubuntu 22.04 using CSF has come to an end.

Tags:

Author:

Comments ( 0 )

No comments available

Add a comment

Frequently asked questions ( 5 )

What is the command to deny ip in CSF?

csf -d

Where did the deny location?

/etc/csf/csf.deny

What is the command to reload CSF?

The reload command is csf -r

Where did the allow location?

/etc/csf/csf.allow

What is the command to start CSF?

The reload command is csf -s

Rank

User

Points

Top Contributers

naveelansari

135850

Top Contributers

ayanbhatti

92510

Top Contributers

hamzaahmed

32150

Top Contributers

linuxhelp

31040

Top Contributers

muhammadali

24500

Can you help Isaac ?

How to run windows application in linux

I need to run the windows application in my Linux machine, instead of installing from yum repo or any other repos. How to do that..??