Want to subscribe to topics you're interested in?
Become a Member

CSF rsync and csf -f

Discussion in 'Other Centmin Mod Installed software' started by elargento, Jun 1, 2017.

  1. elargento

    elargento Member

    293
    16
    18
    Jan 4, 2016
    Ratings:
    +39
    Local Time:
    1:13 PM
    10
    Every time I run rsync from centminmod and sync files from a remote server I have to run
    csf -f

    If I don't do it I get a connection refused error.

    Any ideas what's going on? Maybe centmin is blocking the server since many files are being transferred through rsync?
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,898
    6,908
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,403
    Local Time:
    2:13 AM
    Nginx 1.13.x
    MariaDB 5.5
    no no do not to csf -f !

    Getting Started Guide step 4

    CSF Firewall controls what servers can connect to your server and what remote servers your server can connect to - CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS
     
  3. elargento

    elargento Member

    293
    16
    18
    Jan 4, 2016
    Ratings:
    +39
    Local Time:
    1:13 PM
    10
    :oops:

    Do I have to restore anything or does it just "unban" the remote server IP?
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,898
    6,908
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,403
    Local Time:
    2:13 AM
    Nginx 1.13.x
    MariaDB 5.5
    check csf help info
    Code (Text):
    csf -h
    

    csf -f flushes the firewall and lfd restart which can potentially lock you out of your server entirely !
    Code (Text):
    csf -h
    
    NAME
           csf - ConfigServer & Security Firewall
    
    SYNOPSIS
           csf [OPTIONS]
    
    DESCRIPTION
           This manual documents the csf command line options for the ConfigServer
           & Security Firewall. See /etc/csf/csf.conf and /etc/csf/readme.txt  for
           more detailed information on how to use and configure this application.
    
    OPTIONS
           -h,  --help
                  Show this message
    
           -l,  --status
                  List/Show the IPv4 iptables configuration
    
           -l6, --status6
                  List/Show the IPv6 ip6tables configuration
    
           -s,  --start
                  Start the firewall rules
    
           -f,  --stop
                  Flush/Stop firewall rules (Note: lfd may restart csf)
    
           -r,  --restart
                  Restart firewall rules (csf)
    
           -q,  --startq
                  Quick restart (csf restarted by lfd)
    
           -sf, --startf
                  Force CLI restart regardless of LFDSTART setting
    
           -ra, --restartall
                  Restart firewall rules (csf) and then restart lfd  daemon.  Both
                  csf and then lfd should be restarted after making any changes to
                  the configuration files
    
           --lfd [stop|start|restart|status]
                  Actions to take with the lfd daemon
    
           -a,  --add ip [comment]
                  Allow an IP and add to /etc/csf/csf.allow
    
           -ar, --addrm ip
                  Remove an IP from /etc/csf/csf.allow and delete rule
    
           -d,  --deny ip [comment]
                  Deny an IP and add to /etc/csf/csf.deny
    
           -dr, --denyrm ip
                  Unblock an IP and remove from /etc/csf/csf.deny
    
           -df, --denyf
                  Remove and unblock all entries in /etc/csf/csf.deny
    
           -g,  --grep ip
                  Search the iptables and ip6tables rules for a  match  (e.g.  IP,
                  CIDR, Port Number)
    
           -i,  --iplookup ip
                  Lookup IP address geographical information using CC_LOOKUPS set-
                  ting in /etc/csf/csf.conf
    
           -t,  --temp
                  Displays the current list of temporary allow and deny IP entries
                  with their TTL and comment
    
           -tr, --temprm ip
                  Remove an IP from the temporary IP ban or allow list
    
           -td, --tempdeny ip ttl [-p port] [-d direction] [comment]
                  Add an IP to the temp IP ban list. ttl is how long to blocks for
                  (default:seconds, can use one suffix of h/m/d).  Optional  port.
                  Optional  direction  of  block  can  be one of: in, out or inout
                  (default:in)
    
           -ta, --tempallow ip ttl [-p port] [-d direction] [comment]
                  Add an IP to the temp IP allow list (default:inout)
    
           -tf, --tempf
                  Flush all IPs from the temporary IP entries
    
           -cp, --cping
                  PING all members in an lfd Cluster
    
           -cg, --cgrep ip
                  Requests the --grep output for IP from each  member  in  an  lfd
                  Cluster
    
           -cd, --cdeny ip [comment]
                  Deny an IP in a Cluster and add to each remote /etc/csf/csf.deny
    
           -ctd, --ctempdeny ip ttl [-p port] [-d direction] [comment]
                  Add an IP in a Cluster to the temp IP ban list (default:in)
    
           -cr, --crm ip
                  Unblock  an  IP  in  a  Cluster  and  remove  from  each  remote
                  /etc/csf/csf.deny and temporary list
    
           -ca, --callow ip [comment]
                  Allow   an   IP   in   a   Cluster   and   add  to  each  remote
                  /etc/csf/csf.allow
    
           -cta, --ctempallow ip ttl [-p port] [-d direction] [comment]
                  Add an IP in a Cluster to the temp IP allow list (default:in)
    
           -car, --carm ip
                  Remove allowed IP in a  Cluster  and  remove  from  each  remote
                  /etc/csf/csf.allow and temporary list
    
           -cc, --cconfig [name] [value]
                  Change configuration option [name] to [value] in a Cluster
    
           -cf, --cfile [file]
                  Send [file] in a Cluster to /etc/csf/
    
           -crs, --crestart
                  Cluster restart csf and lfd
    
           -w,  --watch ip
                  Log SYN packets for an IP across iptables chains
    
           -m,  --mail [email]
                  Display Server Check in HTML or email to [email] if present
    
           --rbl [email]
                  Process  and  display  RBL  Check in HTML or email to [email] if
                  present
    
           -lr, --logrun
                  Initiate Log Scanner report via lfd
    
           -p, --ports
                  View ports on the server that have a running process behind them
                  listening for external connections
    
           --graphs [graph type] [directory]
                  Generate  System  Statistics  html  pages and images for a given
                  graph type into a given directory. See  ST_SYSTEM  for  require-
                  ments
    
           --profile [command] [profile|backup] [profile|backup]
                  Configuration profile functions for /etc/csf/csf.conf
                  You  can create your own profiles using the examples provided in
                  /usr/local/csf/profiles/
                  The profile reset_to_defaults.conf is a special  case  and  will
                  always be the latest default csf.conf
    
                  list
                  Lists available profiles and backups
    
                  apply [profile]
                  Modify csf.conf with Configuration Profile
    
                  backup "name"
                  Create  Configuration  Backup  with  optional  "name"  stored in
                  /var/lib/csf/backup/
    
                  restore [backup]
                  Restore a Configuration Backup
    
                  keep [num]
                  Remove old Configuration Backups and keep the latest [num]
    
                  diff [profile|backup] [profile|backup]
                  Report differences between Configuration Profiles or  Configura-
                  tion  Backups,  only  specify one [profile|backup] to compare to
                  the current Configuration
    
           -c,  --check
                  Check for updates to csf but do not upgrade
    
           -u,  --update
                  Check for updates to csf and upgrade if available
    
           -uf    Force an update of csf whether and upgrade is required or not
    
           -x,  --disable
                  Disable csf and lfd completely
    
           -e,  --enable
                  Enable csf and lfd if previously disabled
    
           -v,  --version
                  Show csf version
    
    FILES
           /etc/csf/csf.conf
                  The system wide configuration file
           /etc/csf/readme.txt
                  Detailed information about csf and lfd
    
    BUGS
           Report bugs on the forums at http://forum.configserver.com
    
    AUTHOR
           (c)2006-2017, Way to the Web Limited (http://www.configserver.com)