Custom iptables rules with CSF Firewall

CSF (ConfigServer Firewall) is an iptables-based firewall that provides an easier way to implement iptables rules. Sometimes we need to add specific rules to CSF (e.g. iptables rules not covered by csf). If we add these rules with the iptables command directly from the shell, they will be erased on the next CSF restart. This article explains how to add custom iptables rules with CSF once the CSF firewall is installed on Linux.

CSF provides pre and post scripts, which execute before or after CSF sets up its rules. For example, you may want to forward traffic, as I do. You can add such rules to the pre or post script:

csfpre.sh: To run external commands before csf configures iptables
csfpost.sh: To run external commands after csf configures iptables

Both scripts live inside the /etc/csf/ folder.

Before-CSF Rules

csfpre.sh: Create the file /etc/csf/csfpre.sh and add the following commands.

/sbin/iptables -A FORWARD -i br0 -j ACCEPT
/sbin/iptables -A FORWARD -o br0 -j ACCEPT

Or After-CSF Rules

csfpost.sh: Create the file /etc/csf/csfpost.sh and add the following commands.

/sbin/iptables -A FORWARD -i br0 -j ACCEPT
/sbin/iptables -A FORWARD -o br0 -j ACCEPT

Restart CSF

To restart CSF, type the command below. CSF produces a lot of output, so you may not see all of it on one screen; pipe it through more to view the results page by page.

# csf -r | more

Known issue

Use full paths for commands (/sbin/iptables and not iptables).
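
A fuller csfpost.sh built around the two br0 rules above, as an added example that is not part of the original article or of CSF itself. It checks each rule with iptables -C before appending it, so running the script by hand between CSF restarts does not duplicate rules, and it reports any rule that could not be added. The function names and the IPT override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: /etc/csf/csfpost.sh that applies the article's br0 FORWARD
# rules without duplicating them. Function names are hypothetical.
# Assumption: IPT may be overridden for testing; under CSF leave it unset.
IPT="${IPT:-/sbin/iptables}"   # full path, per the "Known issue" note

# rule_present CHAIN SPEC... -> returns 0 if this exact rule is already loaded
rule_present() {
    "$IPT" -C "$@" 2>/dev/null
}

# ensure_rule CHAIN SPEC... -> append the rule only when it is missing
ensure_rule() {
    rule_present "$@" && return 0
    "$IPT" -A "$@" || {
        echo "csfpost.sh: failed to add rule: $*" >&2
        return 1
    }
}

# apply_forward_rules -> the two rules from the article; returns non-zero
# if either one could not be added
apply_forward_rules() {
    rc=0
    ensure_rule FORWARD -i br0 -j ACCEPT || rc=1
    ensure_rule FORWARD -o br0 -j ACCEPT || rc=1
    return $rc
}

# Only touch the ruleset when running as root with iptables at the full path.
if [ "$(id -u)" -eq 0 ] && [ -x "$IPT" ]; then
    apply_forward_rules || echo "csfpost.sh: custom rules incomplete" >&2
fi
```

After csf -r, running /sbin/iptables -C FORWARD -i br0 -j ACCEPT as root returns 0 when the rule survived the restart.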
