# systemctl restart {csf,lfd}
CSF -rsystemctl restart lfd
disable csf & enable # csf -x # csf -e
reload CSF: # csf -ra
Start CSF tool.# csf -s
top/Flush CSF tool.# csf -f
Restart CSF tools.# csf -ra
Check ALL listening ports.# csf -p
check the IPv4 iptables configuration# csf -l
Configure CSF
$ sudo apt update$ sudo apt upgrade Configure CSF
# apt-get install libio-socket-ssl-perl libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl libcrypt-ssleay-perl -y
# apt-get install perl zip unzip libwww-perl liblwp-protocol-https-perl -y
# apt remove ufw# ufw disable
# cd /usr/src # wget https://download.configserver.com/csf.tgz # tar -xzf csf.tgz
# cd csf# sh install.sh
# perl /usr/local/csf/bin/csftest.pl
# csf -v
# vim /etc/csf/csf.conf
TESTING = "0"
#To enable log RESTRICT_SYSLOG = "3"
# Allow incoming TCP portsTCP_IN = " 20,21,22,25,53,80,110,143,443,465,587,993,995"
# Allow outgoing TCP portsTCP_OUT = " 20,21,22,25,53,80,110,113,443,587,993,995"
# Allow incoming UDP portsUDP_IN = " 20,21,53"
# Allow outgoing UDP ports# To allow outgoing traceroute add 33434:33523 to this listUDP_OUT = " 20,21,53,113,123"
# systemctl start csf# systemctl status csf
Services using the open ports:
- Port 20: FTP data transfer
- Port 21: FTP control
- Port 22: Secure shell (SSH)
- Port 25: Simple mail transfer protocol (SMTP)
- Port 53: Domain name system (DNS)
- Port 80: Hypertext transfer protocol (HTTP)
- Port 110: Post office protocol v3 (POP3)
- Port 113: Authentication service/identification protocol
- Port 123: Network time protocol (NTP)
- Port 143: Internet message access protocol (IMAP)
- Port 443: Hypertext transfer protocol over SSL/TLS (HTTPS)
- Port 465: URL Rendesvous Directory for SSM (Cisco)
- Port 587: E-mail message submission (SMTP)
- Port 993: Internet message access protocol over SSL (IMAPS)
- Port 995: Post office protocol 3 over TLS/SSL (POP3S)
LLL