How to Allow a Port for a Particular IP in CSF on Oracle Linux 9.3

Introduction:

ConfigServer Firewall (CSF) is a firewall application suite for Linux servers that helps manage and control network traffic, block suspicious IP addresses, and receive real-time alerts about potential threats.

Installation Steps:

Step 1: Check the OS version by using the below command

[root@linuxhelp ~]# cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="9.3"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="9.3"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Oracle Linux Server 9.3"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:9:3:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://github.com/oracle/oracle-linux"
ORACLE_BUGZILLA_PRODUCT="Oracle Linux 9"
ORACLE_BUGZILLA_PRODUCT_VERSION=9.3
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=9.3

Step 2: Check the status of the CSF and LFD services by using the below command

[root@linuxhelp ~]# systemctl status csf lfd
● csf.service - ConfigServer Firewall & Security - csf
     Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; preset: disabled)
     Active: active (exited) since Sat 2024-01-06 00:16:49 IST; 18min ago
    Process: 8121 ExecStart=/usr/sbin/csf --initup (code=exited, status=0/SUCCESS)
   Main PID: 8121 (code=exited, status=0/SUCCESS)
        CPU: 851ms

Jan 06 00:16:48 linuxhelp systemd[1]: Starting ConfigServer Firewall & Security - csf...
Jan 06 00:16:49 linuxhelp csf[8121]: (restoring iptables) (restoring ip6tables)
Jan 06 00:16:49 linuxhelp systemd[1]: Finished ConfigServer Firewall & Security - csf.

● lfd.service - ConfigServer Firewall & Security - lfd
     Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; preset: disabled)
     Active: active (running) since Sat 2024-01-06 00:16:50 IST; 18min ago
    Process: 8150 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
   Main PID: 8163 (lfd - sleeping)
      Tasks: 1 (limit: 21739)
     Memory: 28.6M
        CPU: 21.264s
     CGroup: /system.slice/lfd.service
             └─8163 "lfd - sleeping"

Jan 06 00:16:49 linuxhelp systemd[1]: Starting ConfigServer Firewall & Security - lfd...
Jan 06 00:16:50 linuxhelp systemd[1]: Started ConfigServer Firewall & Security - lfd.

Step 3: Add the following line in the csf.allow file by using the below command

root@linuxhelp:~# vim /etc/csf/csf.allow
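Add the following line, replacing IP_Address with the source address to allow. It accepts inbound TCP connections to destination port 3306 only from that source address: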
tcp|in|d=3306|s=IP_Address

Step 4: Restart the firewall rules by using the below command

root@linuxhelp:~# csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `INVALID'
Flushing chain `INVDROP'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `INVALID'
Flushing chain `INVDROP'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
ACCEPT  all opt -- in lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out lo  0.0.0.0/0  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
LOGDROPIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  all opt    in lo out *  ::/0  -> ::/0  
ACCEPT  all opt    in * out lo  ::/0  -> ::/0  
LOGDROPOUT  all opt    in * out !lo  ::/0  -> ::/0  
LOGDROPIN  all opt    in !lo out *  ::/0  -> ::/0  
csf: FASTSTART loading DNS (IPv4)
csf: FASTSTART loading DNS (IPv6)
LOCALOUTPUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0  
LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0  

Step 5: Restart the CSF and LFD services by using the below command

root@linuxhelp:~# systemctl restart csf lfd
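
The Step 3 edit can also be scripted so that a malformed entry never reaches the firewall. The following is an added example, not part of the original article: it validates the protocol, port and source address, then appends the line to csf.allow only if it is not already present. The function names and the CSF_ALLOW variable are assumptions made for this sketch, and it is narrowed to a single IPv4 source address.

```shell
#!/bin/sh
# Added example, not from the original article. Builds the Step 3 line
#   tcp|in|d=<port>|s=<source IPv4>
# validates each field, and appends it to csf.allow only if it is not there yet.
# CSF_ALLOW defaults to the path used in the article; override it to test safely.
CSF_ALLOW="${CSF_ALLOW:-/etc/csf/csf.allow}"

# valid_ipv4 ADDR: succeeds only for a dotted quad with every octet in 0..255
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # leading zeros can be read as octal
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port PORT: succeeds only for an integer in 1..65535, no leading zeros
valid_port() {
    case $1 in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 5 ] && [ "$1" -le 65535 ]
}

# build_rule PROTO PORT SRC_IP: prints the csf.allow line, or fails with a reason
build_rule() {
    case $1 in tcp|udp) ;; *) echo "bad protocol: $1" >&2; return 1 ;; esac
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    valid_ipv4 "$3" || { echo "bad source IP: $3" >&2; return 1; }
    printf '%s|in|d=%s|s=%s\n' "$1" "$2" "$3"
}

# add_rule PROTO PORT SRC_IP: appends the line once; prints "added" or "exists"
add_rule() {
    rule=$(build_rule "$@") || return 1
    if grep -qxF -- "$rule" "$CSF_ALLOW" 2>/dev/null; then
        echo exists
    else
        printf '%s\n' "$rule" >> "$CSF_ALLOW" && echo added
    fi
}

# On the server (203.0.113.10 is a placeholder documentation address):
#   add_rule tcp 3306 203.0.113.10 && csf -r
```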

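Check the port status using an online port checker. Because the rule admits only the listed source address, a checker that connects from a different address should report port 3306 as closed, provided the port is not also opened for everyone in TCP_IN.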

Conclusion:

We have reached the end of this article. In this guide, we have walked you through the steps required to allow a port for a particular IP in CSF on Oracle Linux 9.3. Your feedback is most welcome.

FAQ

Q: What is the command to start CSF?
A: The start command of CSF is "csf -s".

Q: Where is the allow list located?
A: /etc/csf/csf.allow

Q: What is the command to reload CSF?
A: The reload command of CSF is "csf -r".

Q: Where is the deny list located?
A: /etc/csf/csf.deny

Q: What is the command to deny an IP in CSF?
A: "csf -d" is the command to deny an IP in CSF.