How to allow a port for a specific IP in CSF

Introduction

ConfigServer Security & Firewall (CSF) is an advanced firewall for Linux servers. It is widely used for its ease of configuration and robust security features. One of its capabilities is allowing or blocking access to specific ports for individual IP addresses or ranges. This is particularly useful for services that should be exposed to a limited set of IPs for security reasons, such as database management interfaces or administration panels.

Prerequisites

  • Root access to the Linux server where CSF is installed.
  • CSF and LFD (Login Failure Daemon) must be installed and running on your server. If CSF is not installed, refer to the CSF installation guide specific to your Linux distribution.
  • Basic knowledge of using the command line interface (CLI) and editing configuration files on Linux.

1. SSH into your server

2. Edit the CSF allow file

vi /etc/csf/csf.allow

3. Add the line below into the CSF allow file. Replace <PORT> with the port number you wish to allow and <IP_ADDRESS> with the specific IP address.

tcp|in|d=<PORT>|s=<IP_ADDRESS>

If you wish to restrict outgoing traffic for the port to the IP address, add the line below to the CSF allow file.

tcp|out|d=<PORT>|d=<IP_ADDRESS>

4. Save the file and exit the text editor by using the command below:

:wq

5. Reload the CSF configuration by using the command below:

csf -r
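
Steps 2 to 5 can also be scripted. The following is an added example, not code from this guide's authors or from the CSF project: it validates the port and IPv4 address (so a malformed value cannot smuggle extra rule fields into the file), builds the rule line shown in step 3, and appends it only if it is not already present. The function names are hypothetical, and port 3306 and the address 203.0.113.10 are constructed sample values.

```shell
#!/bin/sh
# Added example: validate input, build the csf.allow rule, append it once.
# Function names are hypothetical; sample values are constructed.

# valid_port PORT -> success if PORT is an integer 1..65535 without leading zeros
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR -> success for a dotted-quad IPv4 address, optionally with /0-32
valid_ipv4() {
    addr=${1%%/*}
    if [ "$addr" != "$1" ]; then
        bits=${1#*/}
        case "$bits" in ''|*[!0-9]*) return 1 ;; esac
        [ "${#bits}" -le 2 ] && [ "$bits" -le 32 ] || return 1
    fi
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# csf_rule DIRECTION PORT IP -> prints the rule line in the format from step 3
csf_rule() {
    valid_port "$2" && valid_ipv4 "$3" || return 1
    case "$1" in
        in)  printf 'tcp|in|d=%s|s=%s\n' "$2" "$3" ;;
        out) printf 'tcp|out|d=%s|d=%s\n' "$2" "$3" ;;
        *)   return 1 ;;
    esac
}

# csf_allow_add FILE DIRECTION PORT IP -> appends the rule unless FILE already has it
csf_allow_add() {
    rule=$(csf_rule "$2" "$3" "$4") || return 1
    grep -qxF -- "$rule" "$1" 2>/dev/null || printf '%s\n' "$rule" >> "$1"
}

# Usage (as root), followed by the reload from step 5:
#   csf_allow_add /etc/csf/csf.allow in 3306 203.0.113.10 && csf -r
```

The rule only limits the port to that address if the port is not also opened to everyone through TCP_IN in /etc/csf/csf.conf.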

Conclusion

By following the steps outlined above, you can successfully allow a port for a specific IP in CSF, enhancing your server’s security by limiting access to sensitive services. This method ensures that only designated IPs can access specific ports, providing a tailored security posture for your server’s unique needs.

For additional assistance or if you encounter any issues, please contact our support team at support@ipserverone.com.