Search Our Database

How to allow a port for a specific IP in CSF

Last updated on |
under
Security, Linux
|
by

Introduction

ConfigServer Security & Firewall (CSF) is a powerful and configurable firewall solution for Linux servers, commonly used for its strong security features and ease of use. One of CSF’s valuable features is its ability to restrict access to specific ports for particular IP addresses or IP ranges. This functionality is particularly useful for securing sensitive services, such as database management interfaces and administrative panels, by limiting access to only authorized IPs.

This guide provides a step-by-step approach to configuring CSF to allow a specific IP to access a particular port, enhancing your server’s security.

 

Prerequisites

  • Root Access: Root or sudo privileges on the Linux server where CSF is installed.
  • CSF and LFD Installed: Ensure that both CSF and LFD (Login Failure Daemon) are installed and actively running on the server. If CSF is not yet installed, refer to the appropriate installation guide for your Linux distribution.
  • Basic Command Line Knowledge: Familiarity with using the command line interface (CLI) and editing configuration files on Linux.

 

Step-by-Step Guide

Step 1: SSH into Your Server

Log into your server via SSH with root or sudo privileges to access CSF configurations.

 

Step 2: Open the CSF Allow File

Use the vi text editor to open the CSF allow file. This file is where specific IP and port permissions are configured.

vi /etc/csf/csf.allow

 

Step 3: Add Port and IP Rules in the CSF Allow File

In the CSF allow file, add a line to permit incoming traffic on a specific port for a designated IP address. Replace <PORT> with the target port number and <IP_ADDRESS> with the specific IP address to allow.

tcp|in|d=<PORT>|s=<IP_ADDRESS>
🖊️ Tip: To allow outgoing traffic from a specific port to the specified IP address, use the following syntax:
tcp|out|d=<PORT>|d=<IP_ADDRESS>

 

Step 4: Save and Close the CSF Allow File

Exit the text editor and save the changes by entering the following command:

:wq

 

Step 5: Reload the CSF Configuration

Apply the changes by reloading the CSF configuration with this command:

csf -r

 

Conclusion

Following these steps allows a specific IP address to access a specified port on your server through CSF, helping to secure sensitive services by limiting access. By configuring port and IP-based restrictions, server administrators can enhance their security posture and control access to critical services.

For additional assistance or if you encounter any issues, please contact the support team at support@ipserverone.com.

Related Article

Related Posts