How to Add Custom iptables Rules with CSF

CSF (ConfigServer Firewall) is an iptables-based firewall that provides an easier way to implement iptables rules. Sometimes we need to add specific rules to CSF (for example, iptables rules that CSF does not cover). If we add these rules with the iptables command directly from the shell, they will be erased on the next CSF restart. This article explains how to add custom iptables rules with CSF after installing the CSF firewall on Linux.

CSF provides pre and post scripts, which are executed before or after CSF sets up its own rules. For example, suppose you want to open port 3306 (the default MySQL port) to a specific IP address. You can add the following rule to the pre or post script.

csfpre.sh: To run external commands before csf configures iptables
csfpost.sh: To run external commands after csf configures iptables

Before CSF Rules

csfpre.sh: Create the file /etc/csf/csfpre.sh and add the following command.

iptables -I INPUT -s 1.2.3.4 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT

After CSF Rules

csfpost.sh: Create the file /etc/csf/csfpost.sh and add the following command.

iptables -I INPUT -s 1.2.3.4 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT

Restart CSF

To restart CSF, run the command below and watch the results. CSF produces a lot of output, so you may not be able to see all of it on one screen; pipe it through more to view it page by page.

# csf -r | more

Part of the output is shown below.

...
...
Deleting chain `LOCALOUTPUT'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Running /etc/csf/csfpre.sh
DROP  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:67
DROP  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  udp dpt:67
...
...
...
ACCEPT  tcp opt -- in * out !lo  0.0.0.0/0  -> 8.8.8.8  tcp dpt:53
LOCALOUTPUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0
LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0
Running /etc/csf/csfpost.sh
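
A fuller /etc/csf/csfpost.sh for the MySQL rule above, as an added example that is not part of the original article: it validates each source address before building the rule, so a typo or a range such as 0.0.0.0/0 cannot open port 3306 to everyone. MYSQL_CLIENTS and the function names are assumptions; the rule itself is the one shown earlier.

```shell
#!/bin/sh
# Added example for /etc/csf/csfpost.sh; not from the original article.
# MYSQL_CLIENTS and the function names are assumptions for illustration.

MYSQL_CLIENTS="1.2.3.4"   # space-separated single IPv4 hosts allowed to reach 3306

# Succeeds only for a plain dotted-quad host address.
# Runs in a subshell (parentheses) so the IFS change does not leak out.
valid_host_ip() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;   # digits and dots only, no empty octets
    esac
    [ "$1" != "0.0.0.0" ] || exit 1          # never accept the wildcard address
    IFS=.
    set -- $1                                # split into octets
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || exit 1
    done
)

# Prints the iptables arguments for one client (same match as the article's rule).
build_rule() {
    valid_host_ip "$1" || return 1
    echo "INPUT -s $1 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT"
}

# Inserts the rule for every valid client; invalid entries are skipped and reported.
apply_rules() {
    for ip in $MYSQL_CLIENTS; do
        if ! rule=$(build_rule "$ip"); then
            echo "csfpost.sh: skipping invalid address '$ip'" >&2
            continue
        fi
        # -C tests for an identical rule, so a manual re-run adds no duplicate
        iptables -C $rule 2>/dev/null || iptables -I $rule
    done
}

# Apply only when CSF runs this file under its real name.
if [ "${0##*/}" = "csfpost.sh" ]; then
    apply_rules
fi
```

Because CSF runs this file as root on every restart, keep it owned by root and not writable by other users (for example, chmod 700 /etc/csf/csfpost.sh).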
