Admin-Ahead Community

Linux => General Linux => Topic started by: nirmal on November 17, 2013, 04:02:49 pm

Title: Block FTP access using the CSF firewall
Post by: nirmal on November 17, 2013, 04:02:49 pm

Block FTP access using the CSF firewall

1) If you want to completely disable the FTP access on the server then follow the steps :
root@server

• vi /etc/csf/csf.conf

Search for the lines :
# Allow incoming TCP ports
TCP_IN =
and remove the port 21 from the list
Save and quit .
And then restart the CSF firewall using the below command :
root@server

• csf -r

2) If you want to block FTP access for a Specific IP then follow the below steps :
root@server

• vi /etc/csf/csf.deny

and add the line :
tcp:in:d=21:s=10.10.10.10
save and quit
And then restart CSF firewall using the below command :
root@server

• csf -r

3) If you want to allow FTP access for only one ip on the server and denied for all other ips
follow the steps :
root@server

• vi /etc/csf/csf.conf

Then search for the line :
# Allow incoming TCP ports
and the remove the ports : 21 and 22
and also search for the line :
# Allow outgoing TCP ports
and remove the ports : 21 and 22
Save and quit

Then open the csf.allow file
root@server

• vi /etc/csf/csf.allow

and add the entry as :
tcp:in:d=21:s=10.10.10.10

Save and Quit.

And then restart the CSF service

root@server

• csf -r

Note : Replace the IP 10.10.10.10 with the Actual IP.