How to allow a port in CSF Firewall
Some applications run on specific ports that need to be opened in the server firewall. By default, csf allows only a few basic ports; to open other ports you need to edit the csf configuration file. This article will help you open ports in CSF firewall.
Steps to Open Ports in CSF:
1. Open the csf configuration file using any text editor:
vi /etc/csf/csf.conf
2. To open the ports in csf you need to edit the following lines:
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,27889"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443"
# Allow incoming UDP ports
UDP_IN = "20,21,53"
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123"
3. To allow incoming TCP connections on a specific port, update the following line:
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2222"
Add the port number at the end of the line, between the quotes (""). Use a single comma to separate the port numbers. In the above line I added port 2222.
4. To allow outgoing TCP connections, edit the following line:
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,2222"
In the above example I added port number 2222.
5. To allow a range of ports in CSF, use a colon (e.g. 30000:35000):
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,30000:35000"
In the above example, ports 30000 to 35000 are allowed for incoming connections.
6. Now restart the csf firewall to apply the changes:
csf -r
Note: Always make a copy of the configuration file before making any changes to it, so that you can restore the file if anything goes wrong.
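The steps above, including the backup recommended in the note, as an added shell example that is not part of the original article: the hypothetical helper csf_add_port validates a port or range, backs up the file, and appends the value to the chosen list. The function name, return codes and backup file naming are assumptions of this example, and the demo runs on a constructed sample file.

```shell
#!/bin/sh
# Added example: append a port or range to a csf.conf list, with validation and a backup.
# Usage: csf_add_port FILE KEY SPEC    e.g. csf_add_port /etc/csf/csf.conf TCP_IN 2222

valid_port() {   # true only for an integer 1..65535 without leading zeros
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

csf_add_port() {
    file=$1; key=$2; spec=$3
    case "$key" in
        TCP_IN|TCP_OUT|UDP_IN|UDP_OUT) ;;
        *) echo "unsupported setting: $key" >&2; return 2 ;;
    esac
    case "$spec" in      # single port, or low:high range as in step 5
        *:*) lo=${spec%%:*}; hi=${spec#*:}
             { valid_port "$lo" && valid_port "$hi" && [ "$lo" -lt "$hi" ]; } ||
                 { echo "invalid range: $spec" >&2; return 2; } ;;
        *)   valid_port "$spec" || { echo "invalid port: $spec" >&2; return 2; } ;;
    esac
    grep -q "^$key *= *\"[^\"]*\"" "$file" ||
        { echo "$key not found in $file" >&2; return 3; }
    current=$(sed -n "s/^$key *= *\"\([^\"]*\)\".*/\1/p" "$file")
    case ",$current," in *",$spec,"*) return 0 ;; esac   # already listed: no change
    bak=$(mktemp "$file.bak.XXXXXX") && cp -p "$file" "$bak" || return 4
    sep=${current:+,}                                     # no comma if the list is empty
    tmp=$(mktemp) || return 4
    sed "s/^\($key *= *\"[^\"]*\)\"/\1$sep$spec\"/" "$file" > "$tmp" &&
        cat "$tmp" > "$file"                              # keeps owner and mode of $file
    rc=$?; rm -f "$tmp"; return $rc
}

# Demo on a constructed sample file (not a real server's csf.conf)
demo=$(mktemp)
printf '%s\n' '# Allow incoming TCP ports' 'TCP_IN = "20,21,22,80,443"' > "$demo"
csf_add_port "$demo" TCP_IN 2222 && csf_add_port "$demo" TCP_IN 30000:35000
grep '^TCP_IN' "$demo"
rm -f "$demo" "$demo".bak.*
# On a real server, apply the change afterwards with: csf -r
```

The helper only matches an exact entry when checking for duplicates, so a port that already falls inside a listed range is still appended.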