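# Excerpt of "/etc/csf/csf.conf" (2678L, 111793C) recovered from a captured
# Vim terminal session. Terminal control sequences and the duplicate screen
# redraw have been removed and the original line breaks restored; setting
# values are as shown when the file was first opened.
#
# NOTE(review): the capture shows stray keystrokes on line 142 (visual mode,
# CTRL-V, CTRL-X, CTRL-Z), Vim's "Type :qa and press <Enter> to exit Vim"
# hint, and finally:
#     Vim: Caught deadly signal HUP
#     Vim: preserving files...
#     Vim: Finished.
# After those keystrokes the redrawn screen shows TCP_OUT ending in "464"
# instead of "465". This looks like an accidental CTRL-X decrement left in the
# preserved swap file rather than an intended change - confirm the on-disk
# value and review TCP_OUT before accepting any swap-file recovery.

###############################################################################
# SECTION:IPv4 Port Settings
###############################################################################
# Lists of ports in the following comma separated lists can be added using a
# colon (e.g. 30000:35000).

# Some kernel/iptables setups do not perform stateful connection tracking
# correctly (typically some virtual servers or custom compiled kernels), so a
# SPI firewall will not function correctly. If this happens, LF_SPI can be set
# to 0 to reconfigure csf as a static firewall.
#
# As connection tracking will not be configured, applications that rely on it
# will not function unless all outgoing ports are opened. Therefore, all
# outgoing connections will be allowed once all other tests have completed. So
# TCP_OUT, UDP_OUT and ICMP_OUT will not have any effect.
#
# If you allow incoming DNS lookups you may need to use the following
# directive in the options{} section of your named.conf:
#
#     query-source port 53;
#
# This will force incoming DNS traffic only through port 53
#
# Disabling this option will break firewall functionality that relies on
# stateful packet inspection (e.g. DNAT, PACKET_FILTER) and makes the firewall
# less secure
#
# This option should be set to "1" in all other circumstances
LF_SPI = "1"

# Allow incoming TCP ports
#
# NOTE(review): every port listed here is reachable from any source address.
#  - 3306 (MySQL) is rarely needed from the whole internet. If remote database
#    access is required, prefer a per-source rule in /etc/csf/csf.allow, e.g.
#    tcp|in|d=3306|s=<trusted-source-ip>, and drop 3306 from this list.
#  - 20,21 (FTP), 110 (POP3) and 143 (IMAP) carry credentials in cleartext
#    unless STARTTLS/explicit TLS is enforced by the service; keep them only if
#    clients cannot use 993/995 or SFTP over 22.
#  - 8443, 8447 and 5224 look like hosting control-panel ports - confirm each
#    one has a listener that must accept inbound connections.
TCP_IN = "3306,8443,8447,5224,20,21,22,25,53,80,110,143,443,465,587,993,995"

# Allow outgoing TCP ports
#
# NOTE(review): the last entry is 465 (SMTP over TLS) as first displayed; the
# later screen redraw in the capture shows 464. Verify which value is on disk.
TCP_OUT = "3306,8443,8447,5224,20,21,22,25,53,80,110,113,443,587,993,995,465"

# Allow incoming UDP ports
#
# NOTE(review): FTP (20,21) does not use UDP and 80/udp has no common service;
# 443/udp is only needed when HTTP/3 (QUIC) is served. Trim this list to the
# UDP services that are actually listening (53 if this host answers DNS).
UDP_IN = "20,21,53,80,443"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123"

# Allow incoming PING. Disabling PING will likely break external uptime
# monitoring
ICMP_IN = "1"

# Set the per IP address incoming ICMP packet rate for PING requests. This
# ratelimits PING requests which if exceeded results in silently rejected
# packets. Disable or increase this value if you are seeing PING drops that you
# do not want
#
# To disable rate limiting set to "0", otherwise set according to the iptables
# documentation for the limit module. For example, "1/s" will limit to one
# packet per second
ICMP_IN_RATE = "1/s"

# Allow outgoing PING
#
# Unless there is a specific reason, this option should NOT be disabled as it
# could break OS functionality
ICMP_OUT = "1"

# Set the per IP address outgoing ICMP packet rate for PING requests. This
# ratelimits PING requests which if exceeded results in silently rejected
# packets. Disable or increase this value if you are seeing PING drops that you
# do not want
#
# Unless there is a specific reason, this option should NOT be enabled as it
# could break OS functionality
#
# (The captured screen ends here, at line 142 of the file; the setting this
# comment block documents is not visible in the capture.)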