How to allow Port for particular IP in CSF on Oracle Linux 9.3
Introduction:
ConfigServer Firewall (CSF) is a firewall application suite for Linux servers that helps manage and control network traffic, block suspicious IP addresses, and receive real-time alerts about potential threats.
Installation Steps:
Step 1: Check the OS version by using the below command
[root@linuxhelp ~]# cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="9.3"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="9.3"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Oracle Linux Server 9.3"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:9:3:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://github.com/oracle/oracle-linux"
ORACLE_BUGZILLA_PRODUCT="Oracle Linux 9"
ORACLE_BUGZILLA_PRODUCT_VERSION=9.3
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=9.3
Step 2: Check the status of the CSF and LFD services by using the below command
[root@linuxhelp ~]# systemctl status csf lfd
● csf.service - ConfigServer Firewall & Security - csf
Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; preset: disabled)
Active: active (exited) since Sat 2024-01-06 00:16:49 IST; 18min ago
Process: 8121 ExecStart=/usr/sbin/csf --initup (code=exited, status=0/SUCCESS)
Main PID: 8121 (code=exited, status=0/SUCCESS)
CPU: 851ms
Jan 06 00:16:48 linuxhelp systemd[1]: Starting ConfigServer Firewall & Security - csf...
Jan 06 00:16:49 linuxhelp csf[8121]: (restoring iptables) (restoring ip6tables)
Jan 06 00:16:49 linuxhelp systemd[1]: Finished ConfigServer Firewall & Security - csf.
● lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; preset: disabled)
Active: active (running) since Sat 2024-01-06 00:16:50 IST; 18min ago
Process: 8150 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
Main PID: 8163 (lfd - sleeping)
Tasks: 1 (limit: 21739)
Memory: 28.6M
CPU: 21.264s
CGroup: /system.slice/lfd.service
└─8163 "lfd - sleeping"
Jan 06 00:16:49 linuxhelp systemd[1]: Starting ConfigServer Firewall & Security - lfd...
Jan 06 00:16:50 linuxhelp systemd[1]: Started ConfigServer Firewall & Security - lfd.
Step 3: Open the csf.allow file in an editor by using the below command
root@linuxhelp:~# vim /etc/csf/csf.allow
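Add the following line, replacing IP_Address with the address that should be allowed. It accepts inbound TCP connections to destination port 3306 from that source address.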
tcp|in|d=3306|s=IP_Address
Step 4: Restart the firewall rules by using the below command
root@linuxhelp:~# csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `INVALID'
Flushing chain `INVDROP'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `INVALID'
Flushing chain `INVDROP'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
ACCEPT all opt -- in lo out * 0.0.0.0/0 -> 0.0.0.0/0
ACCEPT all opt -- in * out lo 0.0.0.0/0 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
LOGDROPIN all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
ACCEPT all opt in lo out * ::/0 -> ::/0
ACCEPT all opt in * out lo ::/0 -> ::/0
LOGDROPOUT all opt in * out !lo ::/0 -> ::/0
LOGDROPIN all opt in !lo out * ::/0 -> ::/0
csf: FASTSTART loading DNS (IPv4)
csf: FASTSTART loading DNS (IPv6)
LOCALOUTPUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
LOCALINPUT all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
LOCALOUTPUT all opt in * out !lo ::/0 -> ::/0
LOCALINPUT all opt in !lo out * ::/0 -> ::/0
Step 5: Restart the CSF and LFD services by using the below command
root@linuxhelp:~# systemctl restart csf lfd
Check the port status using an online port checker.
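As an added example (not part of the original article), the script below checks the one setting that silently defeats the Step 3 rule: if port 3306 is also listed in TCP_IN in csf.conf, CSF accepts it from every source, not only the address in csf.allow. The function names, the temporary paths and the file contents are constructed for illustration, and only the rule form shown on this page is parsed.

```shell
#!/bin/sh
# Added example, not from the original article. Handles only the rule form
# shown on this page: tcp|in|d=PORT|s=ADDRESS. File contents are constructed.

# Exit 0 if PORT is listed in TCP_IN (single ports or lo:hi ranges).
port_in_tcp_in() (
    port=$1
    list=$(sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$2")
    IFS=,
    for item in $list; do
        case $item in
            *:*) if [ "$port" -ge "${item%%:*}" ] && [ "$port" -le "${item##*:}" ]; then exit 0; fi ;;
            *)   if [ "$item" = "$port" ]; then exit 0; fi ;;
        esac
    done
    exit 1
)

# Print the source address of every tcp|in|d=PORT|s=ADDRESS rule in csf.allow.
allowed_sources() (
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$2" |
        awk -F'|' -v want="d=$1" '$1 == "tcp" && $2 == "in" && $3 == want && $4 ~ /^s=/ { print substr($4, 3) }'
)

# Classify PORT as OPEN_TO_ALL, RESTRICTED <sources>, or NO_RULE.
audit_port() (
    if port_in_tcp_in "$1" "$2"; then
        echo "OPEN_TO_ALL"   # TCP_IN admits every source; the csf.allow rule adds nothing
        exit 0
    fi
    srcs=$(allowed_sources "$1" "$3" | sort -u | paste -sd, -)
    if [ -n "$srcs" ]; then echo "RESTRICTED $srcs"; else echo "NO_RULE"; fi
)

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'TCP_IN = "20,21,22,80,443,30000:35000"\n' > "$demo/csf.conf"
printf 'TCP_IN = "22,80,443,3306"\n'              > "$demo/csf.conf.open"
cat > "$demo/csf.allow" <<'EOF'
# constructed entries using documentation-range addresses
tcp|in|d=3306|s=192.0.2.10 # app server
tcp|in|d=3306|s=192.0.2.11
tcp|in|d=5432|s=192.0.2.10
EOF

audit_port 3306 "$demo/csf.conf"      "$demo/csf.allow"   # RESTRICTED 192.0.2.10,192.0.2.11
audit_port 3306 "$demo/csf.conf.open" "$demo/csf.allow"   # OPEN_TO_ALL
audit_port 8080 "$demo/csf.conf"      "$demo/csf.allow"   # NO_RULE
```

On a real server the same functions can be pointed at /etc/csf/csf.conf and /etc/csf/csf.allow; NO_RULE means only that no rule of this form exists, since a bare IP entry in csf.allow admits that address on every port.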
Conclusion:
We have reached the end of this article. In this guide, we have walked you through the steps required to allow a port for a particular IP in CSF on Oracle Linux 9.3. Your feedback is most welcome.