Shulou(Shulou.com)06/02 Report--

This article mainly introduces the method of adding custom iptables rules using CSF, which has certain reference value and can be used for reference by friends who need it. I hope you will learn a lot after reading this article. Next, let the editor take you to learn about it.

CSF (configserver firewall) is an iptables-based firewall that provides an easier way to implement iptables rules. Sometimes we need to add specific rules (for example, IPtables rules that are not covered by CSF) to add CSF. If we add these rules directly from shell using the iptables command, they will be removed the next time CSF restarts.

After installing CSF Firewall on Linux, this article will show you how to add custom iptables rules using CSF.

CSF provides pre-and post-scripts that are executed before or after CSF rule settings. For example, if you want to open port 3306 (the default mysql) to a specific IP, you can add the following rules before or after the script

Csfpre.sh: run external commands before csf configures iptables

Csfpost.sh: run external commands after csf configures iptables

Before the CSF rule

Create a file / etc/csf/csfpre.sh and add iptables rules that you want to execute before csf applies its own rules.

Iptables-I INPUT-s1.2.3.4 iptables p tcp-m state-- state NEW-m tcp-- dport3306-j ACCEPT

After the CSF rule

Create a file / etc/csf/csfpost.sh and add iptables rules that you want to apply after csf adds its own rules to the firewall.

Iptables-I INPUT-s1.2.3.4 iptables p tcp-m state-- state NEW-m tcp-- dport3306-j ACCEPT

Restart CSF

To restart csf, simply enter the following command and view the results. CSF produces a lot of output, so you may not be able to see the entire output in a single script, so you can add more commands to view the page results.

# csf-r | more

See some of the output below

.Deleting chain `LOCALOUTPUT'Deleting chain `LOGDROPIN'Deleting chain `LOGDROPOUT'Running / etc/csf/csfpre.shDROP tcp opt-- in * out * 0.0.0.0 tcp dpt:67DROP udp opt-- in * out * 0.0.0.0 udp dpt:67.ACCEPT tcp opt-- in * out! lo 0.0.0. 0lo 0-> 8.8.8.8 tcp dpt:53LOCALOUTPUT all opt-- in * out! lo 0.0.0.0 in 0-> 0.0.0.0/0LOCALINPUT all opt-- in! lo out * 0.0.0.0 lo out 0-> 0.0.0.0/0LOCALOUTPUT all opt in * out! lo:: / 0->: / 0LOCALINPUT all opt in! lo out *:: / 0->:: / 0Running / etc / csf/csfpost.sh Thank you for reading this article carefully I hope the editor will share the method and content of adding custom iptables rules using CSF. At the same time, I also hope that you will support us, pay attention to the industry information channel, and find out if you encounter problems. Detailed solutions are waiting for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.