We have already discussed installing the ConfigServer Firewall (CSF) on Linux. This post covers the most commonly used commands and configuration file changes.

Allowing a port number in the firewall:

The following ports are open by default:

# vi /etc/csf/csf.conf

##Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"

##Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443"

##Allow incoming UDP ports
UDP_IN = "20,21,53"

##To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123"

For example, to open MySQL port 3306, append it to TCP_IN and TCP_OUT, separated from the previous entry by a comma (,).
After the changes:
 
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,3306"
TCP_OUT = "20,21,22,25,53,80,110,113,443,3306"
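
An added example (not from the original post): shell helpers that make the port-list edit above repeatable, appending a port only when it is valid and not already covered, including the lo:hi range form mentioned in the UDP_OUT comment. The function names are hypothetical, and the demo runs on a constructed sample file rather than /etc/csf/csf.conf.

```shell
#!/bin/sh
# Added example (function names are hypothetical). Needs GNU sed for "sed -i".

# Print the comma-separated value of KEY (e.g. TCP_IN) from a csf.conf-style file.
csf_get_list() {  # usage: csf_get_list FILE KEY
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\(.*\)\".*/\1/p" "$1" | head -n 1
}

# Return 0 if PORT is covered by KEY's list, as a single port or a lo:hi range.
csf_port_listed() {  # usage: csf_port_listed FILE KEY PORT
    list=$(csf_get_list "$1" "$2")
    old_ifs=$IFS; IFS=,
    for entry in $list; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 if [ "$3" -ge "$lo" ] && [ "$3" -le "$hi" ]; then
                     IFS=$old_ifs; return 0
                 fi ;;
            *)   if [ "$entry" = "$3" ]; then IFS=$old_ifs; return 0; fi ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Append PORT to KEY's list unless it is invalid or already covered.
csf_add_port() {  # usage: csf_add_port FILE KEY PORT
    case $3 in ''|*[!0-9]*) echo "invalid port: $3" >&2; return 2 ;; esac
    if [ "$3" -lt 1 ] || [ "$3" -gt 65535 ]; then
        echo "invalid port: $3" >&2; return 2
    fi
    if csf_port_listed "$1" "$2" "$3"; then return 0; fi
    # First expression appends ",PORT"; the second drops the comma if the list was empty.
    sed -i -e "s/^\($2[[:space:]]*=[[:space:]]*\"[^\"]*\)\"/\1,$3\"/" \
           -e "s/^\($2[[:space:]]*=[[:space:]]*\"\),/\1/" "$1"
}

# Constructed sample config so the demo never touches /etc/csf/csf.conf.
conf=$(mktemp)
cat > "$conf" <<'EOF'
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
UDP_OUT = "20,21,53,113,123,33434:33523"
EOF
csf_add_port "$conf" TCP_IN 3306
csf_add_port "$conf" TCP_IN 443   # already listed, so the file is left unchanged
csf_get_list "$conf" TCP_IN
rm -f "$conf"
```

When pointed at the real /etc/csf/csf.conf, restart the firewall with csf -r afterwards so the new list is loaded.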

How to block an IP address:
 
# csf -d 123.123.123.123 "Reason for blocking the IP"

Adding 123.123.123.123 to csf.deny and iptables DROP...
DROP  all opt -- in !lo out *  123.123.123.123  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 123.123.123.123
This denies the IP address and adds it to the /etc/csf/csf.deny file.

How to unblock an IP address:
 
# csf -dr 123.123.123.123

Removing rule...
DROP  all opt -- in !lo out *  123.123.123.123  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 123.123.123.123
This unblocks the IP address and removes it from the /etc/csf/csf.deny file.

How to allow an IP address permanently:
 
# csf -a 192.168.0.1 "server IP"

Adding 192.168.0.1 to csf.allow and iptables ACCEPT...
ACCEPT  all opt -- in !lo out *  192.168.0.1  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.0.1 
This allows the IP address and adds it to the /etc/csf/csf.allow file.

How to deny or allow countries:

Find the CC_DENY or CC_ALLOW option in the configuration file and add the country codes.

Each option is a comma-separated list of country codes (CCs).
 
CC_DENY = "IR,CN,NL,IQ,IE,IL"
CC_ALLOW = "IN"

How to ignore LFD email alerts for a particular user:

Add the user ID to the csf.uidignore file:
 
# vi /etc/csf/csf.uidignore   
500

You can get the user ID from /etc/passwd.

How to set the alert email address for server reports:

To receive alert report emails from the server, set the address below; lfd will send the relevant alert template to the configured email address.
 
# vi /etc/csf/csf.conf

LF_ALERT_TO = "alert@mydomain.com"

To list executables (exe), command lines (cmd) and usernames (user) that lfd process tracking should ignore, open the csf.pignore file and add the entries. For example, the following ignores three executables:
 
# vi /etc/csf/csf.pignore

exe:/usr/local/libexec/dovecot/imap-login
exe:/usr/java/jdk1.6.0_24/bin/java
exe:/usr/java/jdk1.7.0/bin/java

For more csf commands, see the help output:
 
# csf --help
csf: v7.03 (cPanel)
...