Add custom iptables rule with csf firewall

If you need to add a custom rule that cannot be added directly with csf commands, you can do it through the /etc/csf/csfpre.sh or /etc/csf/csfpost.sh file.

Add the rule to /etc/csf/csfpre.sh or /etc/csf/csfpost.sh, give the file execute permission, and restart csf.

csfpre.sh: To run external commands before csf configures iptables
csfpost.sh: To run external commands after csf configures iptables

For example:

If you need to open a port for outgoing connections to one specific IP address only, you can do it as follows.

Steps

1. Log in to the server via SSH.
2. Create the file and add the custom rules.

vi /etc/csf/csfpre.sh

/sbin/iptables -A OUTPUT -p tcp -d xxx.xxx.xxx.xxx --dport <portno> -j ACCEPT

For example:
/sbin/iptables -A OUTPUT -p tcp -d 117.165.25.2 --dport 3306 -j ACCEPT

3. Give execute permission to the file

chmod +x /etc/csf/csfpre.sh

4. Restart csf

csf -r

That's it 🙂
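
A pre-flight check for the hook file, to run before restarting csf. This is an added example, not part of the original post or of csf: the function names check_csf_hook and write_samples, the sample files and the address 192.0.2.10 are constructed for illustration. It flags a hook that is not executable, is writable by group or others, contains typographic dashes pasted from a web page, or accepts outgoing traffic without a destination address.

```shell
#!/bin/sh
# Added example: lint a csf hook (csfpre.sh / csfpost.sh) before running `csf -r`.
# check_csf_hook FILE prints each finding and returns the number of findings.
check_csf_hook() {
    hook=$1
    problems=0
    [ -f "$hook" ] || { echo "missing: $hook"; return 1; }

    # Step 3: the hook has to be executable.
    if [ ! -x "$hook" ]; then
        echo "not executable: run chmod +x $hook"
        problems=$((problems + 1))
    fi
    # The hook runs as root on every csf restart, so nobody else may edit it.
    if [ -n "$(find "$hook" \( -perm -0020 -o -perm -0002 \))" ]; then
        echo "group- or world-writable: run chmod go-w $hook"
        problems=$((problems + 1))
    fi
    # Options pasted from a web page can carry an en or em dash instead of "--".
    if LC_ALL=C grep -n '[^[:print:][:space:]]' "$hook"; then
        echo "non-ASCII bytes on the lines above; retype the option dashes"
        problems=$((problems + 1))
    fi
    # An outgoing ACCEPT with no -d opens the port to every destination.
    if grep -n -e '^[^#]*-A OUTPUT.*-j ACCEPT' "$hook" | grep -v -e ' -d [0-9]'; then
        echo "OUTPUT ACCEPT rule above has no destination address (-d)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample hooks (192.0.2.10 is a documentation address).
write_samples() {
    printf '%s\n' '#!/bin/sh' \
        '/sbin/iptables -A OUTPUT -p tcp -d 192.0.2.10 --dport 3306 -j ACCEPT' > "$1/good.sh"
    printf '%s\n' '#!/bin/sh' \
        '/sbin/iptables -A OUTPUT -p tcp -d 192.0.2.10 —dport 3306 -j ACCEPT' \
        '/sbin/iptables -A OUTPUT -p tcp --dport 3306 -j ACCEPT' > "$1/bad.sh"
    chmod 700 "$1/good.sh"
    chmod 666 "$1/bad.sh"
}

# Demo on the constructed bad hook; on a server: check_csf_hook /etc/csf/csfpre.sh && csf -r
tmp=$(mktemp -d) && write_samples "$tmp"
check_csf_hook "$tmp/bad.sh" || echo "findings: $?"
rm -rf "$tmp"
```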
