Learn about Centmin Mod LEMP Stack today
Register Now

CSF csf firewall auto starts after stop ?

Discussion in 'Centmin Mod Insights' started by pamamolf, Jun 19, 2014.

  1. pamamolf

    pamamolf Premium Member Premium Member

    4,074
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    7:50 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    Hi

    I just run csfstop and the firewall stop as was not able to open my test site...

    Blocked but i do not know why :)


    Then i was able to view the site but after an hour about i was not able again to open the site and i had again to stop the firewall....

    So does it autostart?

    Thanks
     
  2. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    3:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yes with CSF Firewall http://centminmod.com/csf_firewall.html, csfstop or service csf stop it will auto restart

    what are you trying to do ? disable CSF ? I don't advise it as CSF protects your server ;)

    Code:
    csf -h
    csf: v7.03 (generic)
    csf(1)                                                                  csf(1)
    
    
    
    NAME
           csf - ConfigServer & Security Firewall
    
    SYNOPSIS
           csf [OPTIONS]
    
    DESCRIPTION
           This manual documents the csf command line options for the ConfigServer
           & Security Firewall. See /etc/csf/csf.conf and /etc/csf/readme.txt  for
           more detailed information on how to use and configure this application.
    
    OPTIONS
           -h,  --help
                  Show this message
    
           -l,  --status
                  List/Show the IPv4 iptables configuration
    
           -l6, --status6
                  List/Show the IPv6 ip6tables configuration
    
           -s,  --start
                  Start the firewall rules
    
           -f,  --stop
                  Flush/Stop firewall rules (Note: lfd may restart csf)
    
           -r,  --restart
                  Restart firewall rules
    
           -q,  --startq
                  Quick restart (csf restarted by lfd)
    
           -sf, --startf
                  Force CLI restart regardless of LFDSTART setting
    
           -a,  --add ip [comment]
                  Allow an IP and add to /etc/csf/csf.allow
    
           -ar, --addrm ip
                  Remove an IP from /etc/csf/csf.allow and delete rule
    
           -d,  --deny ip [comment]
                  Deny an IP and add to /etc/csf/csf.deny
    
           -dr, --denyrm ip
                  Unblock an IP and remove from /etc/csf/csf.deny
    
           -df, --denyf
                  Remove and unblock all entries in /etc/csf/csf.deny
    
           -g,  --grep ip
                  Search the iptables and ip6tables rules for a  match  (e.g.  IP,
                  CIDR, Port Number)
    
           -t,  --temp
                  Displays the current list of temporary allow and deny IP entries
                  with their TTL and comment
    
           -tr, --temprm ip
                  Remove an IP from the temporary IP ban or allow list
    
           -td, --tempdeny ip ttl [-p port] [-d direction] [comment]
                  Add an IP to the temp IP ban list. ttl is how long to blocks for
                  (default:seconds,  can  use one suffix of h/m/d). Optional port.
                  Optional direction of block can be one  of:  in,  out  or  inout
                  (default:in)
    
           -ta, --tempallow ip ttl [-p port] [-d direction] [comment]
                  Add an IP to the temp IP allow list (default:inout)
    
           -tf, --tempf
                  Flush all IPs from the temporary IP entries
    
           -cp, --cping
                  PING all members in an lfd Cluster
    
           -cd, --cdeny ip
                  Deny an IP in a Cluster and add to /etc/csf/csf.deny
    
           -ca, --callow ip
                  Allow an IP in a Cluster and add to /etc/csf/csf.allow
    
           -car, --carm ip
                  Remove    allowed    IP   in   a   Cluster   and   remove   from
                  /etc/csf/csf.allow
    
           -cr, --crm ip
                  Unblock an IP in a Cluster and remove from /etc/csf/csf.deny
    
           -cc, --cconfig [name] [value]
                  Change configuration option [name] to [value] in a Cluster
    
           -cf, --cfile [file]
                  Send [file] in a Cluster to /etc/csf/
    
           -crs, --crestart
                  Cluster restart csf and lfd
    
           -w,  --watch ip
                  Log SYN packets for an IP across iptables chains
    
           -m,  --mail [email]
                  Display Server Check in HTML or email to [email] if present
    
           -lr, --logrun
                  Initiate Log Scanner report via lfd
    
           --profile [command] [profile|backup] [profile|backup]
                  Configuration profile functions for /etc/csf/csf.conf
                  You can create your own profiles using the examples provided  in
                  /usr/local/csf/profiles/
                  The  profile  reset_to_defaults.conf  is a special case and will
                  always be the latest default csf.conf
    
                  list
                  Lists available profiles and backups
    
                  apply [profile]
                  Modify csf.conf with Configuration Profile
    
                  backup "name"
                  Create Configuration  Backup  with  optional  "name"  stored  in
                  /var/lib/csf/backup/
    
                  restore [backup]
                  Restore a Configuration Backup
    
                  keep [num]
                  Remove old Configuration Backups and keep the latest [num]
    
                  diff [profile|backup] [profile|backup]
                  Report  differences between Configuration Profiles or Configura-
                  tion Backups, only specify one [profile|backup]  to  compare  to
                  the current Configuration
    
           -c,  --check
                  Check for updates to csf but do not upgrade
    
           -u,  --update
                  Check for updates to csf and upgrade if available
    
           -uf    Force an update of csf whether and upgrade is required or not
    
           -x,  --disable
                  Disable csf and lfd completely
    
           -e,  --enable
                  Enable csf and lfd if previously disabled
    
           -v,  --version
                  Show csf version
    
    FILES
           /etc/csf/csf.conf
                  The system wide configuration file
           /etc/csf/readme.txt
                  Detailed information about csf and lfd
    
    BUGS
           Report bugs on the forums at http://forum.configserver.com
    
     
  3. pamamolf

    pamamolf Premium Member Premium Member

    4,074
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    7:50 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    Yes i am thinking to disable it for a while.....

    so

    csf -x ?
     
  4. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,738
    Local Time:
    3:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah
    Code:
    csf -x
    
    and to re-enable
    Code:
    csf -e