
CSF (ConfigServer Firewall) is an iptables-based firewall that provides an easier way to implement iptables rules. Sometimes we need to add specific rules to CSF (e.g. iptables rules not covered by csf). If we add these rules with the iptables command directly from the shell, they will be erased on the next CSF restart. This article shows how to add custom iptables rules with CSF after installing the CSF firewall on Linux.
CSF provides pre and post scripts, which execute before or after the CSF rules are set up. For example, you may want to forward traffic, as I do. You can add your rules to the pre or post script:
csfpre.sh: To run external commands before csf configures iptables
csfpost.sh: To run external commands after csf configures iptables
Both scripts go inside the /etc/csf/ folder.
Before-CSF Rules
csfpre.sh: Create the file /etc/csf/csfpre.sh and add the following commands.

    /sbin/iptables -A FORWARD -i br0 -j ACCEPT
    /sbin/iptables -A FORWARD -o br0 -j ACCEPT

Or after-CSF Rules
csfpost.sh: Create the file /etc/csf/csfpost.sh and add the following commands.

    /sbin/iptables -A FORWARD -i br0 -j ACCEPT
    /sbin/iptables -A FORWARD -o br0 -j ACCEPT

Restart-CSF
To restart CSF, simply type the command below. CSF produces a lot of output, so you may not see the entire output on one screen; pipe it through the more command to see the results page by page.

    # csf -r | more

Known issue
Use full paths for commands (/sbin/iptables and not iptables).
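
A pre-restart check for the known issue above, as an added example that is not part of the original article or of CSF: it scans a hook script and reports lines that call iptables without a full path. The helper name check_hook and the sample hook file are constructed for illustration, and the match is a word-level heuristic.

```shell
#!/bin/sh
# Added example, not CSF's own code: lint a CSF hook script for calls to
# iptables that lack a full path (the known issue described above).

# check_hook FILE  (hypothetical helper name)
# Prints "FILE:LINE: text" for each offending line.
# Returns 0 if the file is clean or absent, 1 if a bare call was found.
check_hook() {
    [ -f "$1" ] || return 0            # hook scripts are optional
    awk '
        /^[ \t]*#/ { next }            # skip whole-line comments
        {
            line = $0
            sub(/[ \t]+#.*$/, "")      # drop a trailing comment, re-split fields
            for (i = 1; i <= NF; i++)
                # a word that is only the command name has no directory part
                if ($i ~ /^ip6?tables(-save|-restore)?$/) {
                    print FILENAME ":" NR ": " line
                    found = 1
                    break
                }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample hook: the first rule follows the advice, the second does not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#!/bin/sh
/sbin/iptables -A FORWARD -i br0 -j ACCEPT
iptables -A FORWARD -o br0 -j ACCEPT
EOF
check_hook "$sample" || echo "use /sbin/iptables on the lines listed above"
rm -f "$sample"

# On a real server (paths from the article):
#   check_hook /etc/csf/csfpre.sh && check_hook /etc/csf/csfpost.sh && csf -r
```

Variables such as $IPT and commands already written with a directory part are not flagged, so review those by hand.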