Skip to content

Firewall

We use the csf utility to manage the server firewall. This makes it straightforward to manage IP whitelist/blacklist operations.

By default, only required ports (e.g. 80 & 443) are open, with all the rest closed. If you require additional ports opened please contact Support.

Below are some of the common CSF commands you may need. All of these should be performed as the admin user.

Whitelist an IP

sudo csf -a <ip>

Adds an IP to the whitelist.

Remove a whitelisted IP

sudo csf -ar <ip>

Deletes an IP whitelist.

Block an IP

sudo csf -d <ip>

Blocks an IP address. Note that if you're using Cloudflare you may need to block the IP there too.

Remove an IP block

sudo csf -dr <ip>

Deletes an IP block.

Check if an IP is whitelisted or blocked

sudo csf -g <ip>

Checks iptables to see if a given IP address is allowed or denied in the firewall (and why).

Further reading

CSF has an extensive readme which can be found here.

Caution

Please be cautious when making firewall changes- it can be easy to lock yourself out of the server by doing so. Support can advise on advanced configuration changes if required.