Add custom iptables rule with csf firewall

If you need to add a custom rule that cannot be added directly with csf commands, you can do it through the /etc/csf/ or /etc/csf/ file.

Add the rule to the /etc/csf/ or /etc/csf/ file, give the file execute permission, and restart csf. One file runs external commands before csf configures iptables; the other runs external commands after csf configures iptables.

For example:

To open a port for outgoing connections to one specific IP address only, follow these steps.


1. Log in to the server via SSH
2. Create the file and add the custom rules.

vi /etc/csf/

/sbin/iptables -A OUTPUT -p tcp -d <ip> --dport <portno> -j ACCEPT

e.g.:
/sbin/iptables -A OUTPUT -p tcp -d <ip> --dport 3306 -j ACCEPT

3. Give execute permission to the file

chmod +x /etc/csf/

4. Restart csf

csf -r

That's it 🙂
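A check worth running before step 4, as an added example that is not part of the original page or of csf: it lints the hook file for typographic dashes pasted from a web page, OUTPUT ACCEPT rules with no destination address or port, and group/other write access on a script that csf runs as root. The function names `check_rule` and `lint_hook` are hypothetical, the hook path is passed as an argument, and the address 192.0.2.10 used to exercise it is a constructed documentation address.

```shell
#!/bin/sh
# Added example: lint a csf hook script before running `csf -r`.
# The hook path is given by the caller; nothing here is csf's own code.

# check_rule LINE: return 0 if the rule is well formed and scoped, else 1.
check_rule() {
    cr_line=$1
    # A pasted typographic dash (en or em) is not an option prefix.
    case $cr_line in
        *–*|*—*) echo "typographic dash: $cr_line"; return 1 ;;
    esac
    # Only OUTPUT ACCEPT rules, the kind this page adds, are checked further.
    printf '%s\n' "$cr_line" |
        grep -Eq -e '-A[[:space:]]+OUTPUT.*-j[[:space:]]+ACCEPT' || return 0
    # The destination must be a literal IPv4 address, optionally with /prefix.
    if ! printf '%s\n' "$cr_line" | grep -Eq \
        -e '-d[[:space:]]+([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?([[:space:]]|$)'
    then
        echo "no destination address: $cr_line"; return 1
    fi
    # The destination port must be a number from 1 to 65535.
    cr_port=$(printf '%s\n' "$cr_line" |
        sed -n 's/.*--dport[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p')
    case $cr_port in
        ''|??????*) ;;
        *) [ "$cr_port" -ge 1 ] && [ "$cr_port" -le 65535 ] && return 0 ;;
    esac
    echo "missing or invalid --dport: $cr_line"; return 1
}

# lint_hook FILE: return the number of problems found in the hook script.
lint_hook() {
    lh_bad=0
    # csf runs the hook as root, so group/other write access is a finding.
    case $(ls -ld "$1") in
        ?????w*|????????w*) echo "writable by group/other: $1"; lh_bad=1 ;;
    esac
    while IFS= read -r lh_line; do
        case $lh_line in
            \#*) continue ;;
            *iptables*) check_rule "$lh_line" || lh_bad=$((lh_bad + 1)) ;;
        esac
    done < "$1"
    return "$lh_bad"
}

if [ "$#" -gt 0 ]; then lint_hook "$1"; fi
```

Run it with the hook file as the only argument; an exit status of 0 means no findings, and any other value is the number of problems printed.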

