How to Configure Port-Specific and IP-Specific Rules in CSF using Rocky Linux 9.2

Introduction:

ConfigServer Security & Firewall (CSF) is one of the most popular free firewalls for Linux servers. Additionally, it integrates with nearly all hosting control panels and allows easy management of iptables.

Procedure:

Step 1: Check the OS version by using the below command

[root@Linuxhelp ~]# cat /etc/os-release
NAME="Rocky Linux"
VERSION="9.2 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.2 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.2"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2"

Step 2: Check the status of the csf and lfd services by using the below command

[root@Linuxhelp ~]# systemctl status csf lfd
● csf.service - ConfigServer Firewall & Security - csf
    Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; preset: disabled)
    Active: active (exited) since Sat 2024-02-24 08:22:49 IST; 12min ago
   Process: 14799 ExecStart=/usr/sbin/csf --initup (code=exited, status=0/SUCCESS)
  Main PID: 14799 (code=exited, status=0/SUCCESS)
       CPU: 667ms

Feb 24 08:22:48 Linuxhelp systemd[1]: Starting ConfigServer Firewall & Security - csf...
Feb 24 08:22:49 Linuxhelp csf[14799]: (restoring iptables) (restoring ip6tables)
Feb 24 08:22:49 Linuxhelp systemd[1]: Finished ConfigServer Firewall & Security - csf.

● lfd.service - ConfigServer Firewall & Security - lfd
    Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; preset: disabled)
    Active: active (running) since Sat 2024-02-24 08:22:49 IST; 12min ago
   Process: 14828 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
  Main PID: 14842 (lfd - sleeping)
     Tasks: 1 (limit: 22877)
    Memory: 27.4M
       CPU: 12.325s
    CGroup: /system.slice/lfd.service
            └─14842 "lfd - sleeping"

Feb 24 08:22:49 Linuxhelp systemd[1]: Starting ConfigServer Firewall & Security - lfd...
Feb 24 08:22:49 Linuxhelp systemd[1]: Started ConfigServer Firewall & Security - lfd.

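Step 3: Open the /etc/csf/csf.allow file with your favourite text editor and add the following line to allow the MySQL port for a specific IP address. The fields of the line are separated by "|" and read: protocol (tcp), direction (in), destination port (d=3306) and source address (s=192.168.6.130).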

[root@Linuxhelp ~]# vim /etc/csf/csf.allow


tcp|in|d=3306|s=192.168.6.130

Step 4: Restart the firewall rules by using the below command

[root@Linuxhelp ~]# csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `INVALID'
Flushing chain `INVDROP'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
Flushing chain `LOGDROPIN'
*WARNING* Binary location for [SENDMAIL] [/usr/sbin/sendmail] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality

*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.

Step 5: Restart the csf and lfd services by using the below command

[root@Linuxhelp ~]# systemctl restart csf lfd
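
Added example, not part of the original guide: the rule from Step 3 only restricts MySQL if port 3306 is not also listed in TCP_IN in /etc/csf/csf.conf, which opens a port to every source. The script below checks both files; its function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): check that a port covered by a
# csf.allow advanced rule is not also opened to every source through TCP_IN.
# File paths are arguments, so the functions can run against copies.

# port_in_tcp_in CONF PORT: succeed if PORT is listed in TCP_IN (lo:hi ranges too)
port_in_tcp_in() {
    list=$(sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\(.*\)".*/\1/p' "$1" | tail -n 1)
    old_ifs=$IFS; IFS=,
    for entry in $list; do
        IFS=$old_ifs
        case $entry in
            *:*) [ "$2" -ge "${entry%%:*}" ] && [ "$2" -le "${entry##*:}" ] && return 0 ;;
            *)   [ "$entry" = "$2" ] && return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# allowed_sources ALLOW PORT: print each s= address allowed inbound to tcp PORT
allowed_sources() {
    awk -F'|' -v port="$2" '
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        NF >= 4 && $1 == "tcp" && $2 == "in" && $3 ~ /^d=/ && $4 ~ /^s=/ {
            sub(/[ \t]*#.*/, "", $4)                 # strip a trailing comment
            n = split(substr($3, 3), p, ",")         # d= may hold a port list
            for (i = 1; i <= n; i++) if (p[i] == port) { print substr($4, 3); break }
        }' "$1"
}

# audit_port CONF ALLOW PORT: one-line verdict, non-zero status on a finding
audit_port() {
    if port_in_tcp_in "$1" "$3"; then
        echo "OPEN-TO-ALL: port $3 is in TCP_IN, any source can connect"; return 1
    fi
    srcs=$(allowed_sources "$2" "$3" | paste -s -d, -)
    if [ -z "$srcs" ]; then echo "NO-RULE: no advanced rule for port $3"; return 2; fi
    echo "RESTRICTED: port $3 allowed from $srcs"
}

# Constructed sample files standing in for /etc/csf/csf.conf and /etc/csf/csf.allow
demo=$(mktemp -d)
printf 'TCP_IN = "22,80,443"\n' > "$demo/csf.conf"
printf '# MySQL client\ntcp|in|d=3306|s=192.168.6.130\n' > "$demo/csf.allow"
audit_port "$demo/csf.conf" "$demo/csf.allow" 3306
rm -rf "$demo"
```

Plain IP lines in csf.allow (with no port filter) are allowed on all ports and are not reported by allowed_sources, so review those entries separately.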

Conclusion:

We have reached the end of this article. In this guide, we have walked you through the steps required to configure Port Specific and IP Specific Rules in CSF using Rocky Linux 9.2. Your feedback is much welcome.

FAQ
Q: What is the command to start CSF?
A: The start command of CSF is "csf -s"

Q: Where is the CSF allow file located?
A: /etc/csf/csf.allow

Q: What is the command to reload CSF?
A: The reload command of CSF is "csf -r"

Q: Where is the CSF deny file located?
A: /etc/csf/csf.deny

Q: What is the command to deny an IP in CSF?
A: The csf command with the -d option is used to deny an IP, for example: csf -d