CSF rsync and csf -f

elargento · Jun 1, 2017

Every time I run rsync from centminmod and sync files from a remote server I have to run
csf -f

If I don't do it I get a connection refused error.

Any ideas what's going on? Maybe centmin is blocking the server since many files are being transferred through rsync?

eva2000 · Jun 1, 2017

no no do not to csf -f !

Getting Started Guide step 4

If you have any other servers which you want to connect to/from this Centmin Mod install. You'd want to whitelist and allow them from CSF Firewall
Click to expand...

CSF Firewall controls what servers can connect to your server and what remote servers your server can connect to - CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS

If you have problems using SCP, SFTP, rsync, or other commands trying to connect to or from a remote server to your Centmin Mod server, you will need to whitelist the remote server's IP address as per above command. Common, situation would be connecting to a remote MySQL server which you need to whitelist remote MySQL server IP address as well as edit /etc/csf/csf.conf to add to TCP_OUT the default MySQL port 3306. Then restart CSF firewall service.
Click to expand...

elargento · Jun 1, 2017

eva2000 said: ↑

no no do not to csf -f !
Click to expand...

Do I have to restore anything or does it just "unban" the remote server IP?

eva2000 · Jun 1, 2017

check csf help info

Code (Text):

csf -h

csf -f flushes the firewall and lfd restart which can potentially lock you out of your server entirely !

Code (Text):

csf -h

NAME
       csf - ConfigServer & Security Firewall

SYNOPSIS
       csf [OPTIONS]

DESCRIPTION
       This manual documents the csf command line options for the ConfigServer
       & Security Firewall. See /etc/csf/csf.conf and /etc/csf/readme.txt  for
       more detailed information on how to use and configure this application.

OPTIONS
       -h,  --help
              Show this message

       -l,  --status
              List/Show the IPv4 iptables configuration

       -l6, --status6
              List/Show the IPv6 ip6tables configuration

       -s,  --start
              Start the firewall rules

       -f,  --stop
              Flush/Stop firewall rules (Note: lfd may restart csf)

       -r,  --restart
              Restart firewall rules (csf)

       -q,  --startq
              Quick restart (csf restarted by lfd)

       -sf, --startf
              Force CLI restart regardless of LFDSTART setting

       -ra, --restartall
              Restart firewall rules (csf) and then restart lfd  daemon.  Both
              csf and then lfd should be restarted after making any changes to
              the configuration files

       --lfd [stop|start|restart|status]
              Actions to take with the lfd daemon

       -a,  --add ip [comment]
              Allow an IP and add to /etc/csf/csf.allow

       -ar, --addrm ip
              Remove an IP from /etc/csf/csf.allow and delete rule

       -d,  --deny ip [comment]
              Deny an IP and add to /etc/csf/csf.deny

       -dr, --denyrm ip
              Unblock an IP and remove from /etc/csf/csf.deny

       -df, --denyf
              Remove and unblock all entries in /etc/csf/csf.deny

       -g,  --grep ip
              Search the iptables and ip6tables rules for a  match  (e.g.  IP,
              CIDR, Port Number)

       -i,  --iplookup ip
              Lookup IP address geographical information using CC_LOOKUPS set-
              ting in /etc/csf/csf.conf

       -t,  --temp
              Displays the current list of temporary allow and deny IP entries
              with their TTL and comment

       -tr, --temprm ip
              Remove an IP from the temporary IP ban or allow list

       -td, --tempdeny ip ttl [-p port] [-d direction] [comment]
              Add an IP to the temp IP ban list. ttl is how long to blocks for
              (default:seconds, can use one suffix of h/m/d).  Optional  port.
              Optional  direction  of  block  can  be one of: in, out or inout
              (default:in)

       -ta, --tempallow ip ttl [-p port] [-d direction] [comment]
              Add an IP to the temp IP allow list (default:inout)

       -tf, --tempf
              Flush all IPs from the temporary IP entries

       -cp, --cping
              PING all members in an lfd Cluster

       -cg, --cgrep ip
              Requests the --grep output for IP from each  member  in  an  lfd
              Cluster

       -cd, --cdeny ip [comment]
              Deny an IP in a Cluster and add to each remote /etc/csf/csf.deny

       -ctd, --ctempdeny ip ttl [-p port] [-d direction] [comment]
              Add an IP in a Cluster to the temp IP ban list (default:in)

       -cr, --crm ip
              Unblock  an  IP  in  a  Cluster  and  remove  from  each  remote
              /etc/csf/csf.deny and temporary list

       -ca, --callow ip [comment]
              Allow   an   IP   in   a   Cluster   and   add  to  each  remote
              /etc/csf/csf.allow

       -cta, --ctempallow ip ttl [-p port] [-d direction] [comment]
              Add an IP in a Cluster to the temp IP allow list (default:in)

       -car, --carm ip
              Remove allowed IP in a  Cluster  and  remove  from  each  remote
              /etc/csf/csf.allow and temporary list

       -cc, --cconfig [name] [value]
              Change configuration option [name] to [value] in a Cluster

       -cf, --cfile [file]
              Send [file] in a Cluster to /etc/csf/

       -crs, --crestart
              Cluster restart csf and lfd

       -w,  --watch ip
              Log SYN packets for an IP across iptables chains

       -m,  --mail [email]
              Display Server Check in HTML or email to [email] if present

       --rbl [email]
              Process  and  display  RBL  Check in HTML or email to [email] if
              present

       -lr, --logrun
              Initiate Log Scanner report via lfd

       -p, --ports
              View ports on the server that have a running process behind them
              listening for external connections

       --graphs [graph type] [directory]
              Generate  System  Statistics  html  pages and images for a given
              graph type into a given directory. See  ST_SYSTEM  for  require-
              ments

       --profile [command] [profile|backup] [profile|backup]
              Configuration profile functions for /etc/csf/csf.conf
              You  can create your own profiles using the examples provided in
              /usr/local/csf/profiles/
              The profile reset_to_defaults.conf is a special  case  and  will
              always be the latest default csf.conf

              list
              Lists available profiles and backups

              apply [profile]
              Modify csf.conf with Configuration Profile

              backup "name"
              Create  Configuration  Backup  with  optional  "name"  stored in
              /var/lib/csf/backup/

              restore [backup]
              Restore a Configuration Backup

              keep [num]
              Remove old Configuration Backups and keep the latest [num]

              diff [profile|backup] [profile|backup]
              Report differences between Configuration Profiles or  Configura-
              tion  Backups,  only  specify one [profile|backup] to compare to
              the current Configuration

       -c,  --check
              Check for updates to csf but do not upgrade

       -u,  --update
              Check for updates to csf and upgrade if available

       -uf    Force an update of csf whether and upgrade is required or not

       -x,  --disable
              Disable csf and lfd completely

       -e,  --enable
              Enable csf and lfd if previously disabled

       -v,  --version
              Show csf version

FILES
       /etc/csf/csf.conf
              The system wide configuration file
       /etc/csf/readme.txt
              Detailed information about csf and lfd

BUGS
       Report bugs on the forums at http://forum.configserver.com

AUTHOR
       (c)2006-2017, Way to the Web Limited (http://www.configserver.com)

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

CSF rsync and csf -f

elargento Member

eva2000 Administrator Staff Member

elargento Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

CSF rsync and csf -f

elargento Member

eva2000 Administrator Staff Member

elargento Member

eva2000 Administrator Staff Member

.