> ## Documentation Index
> Fetch the complete documentation index at: https://citodocs.prostack.host/llms.txt
> Use this file to discover all available pages before exploring further.

# Firewall

> Manage server firewall with CSF commands

We use the `csf` utility to manage the server firewall. This makes it straightforward to manage IP whitelist/blacklist operations.

By default, only required ports (e.g. 80 & 443) are open, with all the rest closed. If you require additional ports opened please contact Support.

Below are some of the common CSF commands you may need. All of these should be performed as the `admin` user.

## Whitelist an IP

```bash theme={null}
sudo csf -a <ip>
```

Adds an IP to the whitelist.

### Remove a whitelisted IP

```bash theme={null}
sudo csf -ar <ip>
```

Deletes an IP whitelist.

## Block an IP

```bash theme={null}
sudo csf -d <ip>
```

Blocks an IP address. Note that if you're using Cloudflare you may need to block the IP there too.

### Remove an IP block

```bash theme={null}
sudo csf -dr <ip>
```

Deletes an IP block.

## Check if an IP is whitelisted or blocked

```bash theme={null}
sudo csf -g <ip>
```

Checks `iptables` to see if a given IP address is allowed or denied in the firewall (and why).

## Further reading

CSF has an extensive readme which can be found [here](https://download.configserver.com/csf/readme.txt).

<Warning>
  **Caution**

  Please be cautious when making firewall changes- it can be easy to lock yourself out of the server by doing so. Support can advise on advanced configuration changes if required.
</Warning>
