
Remove CSF 'do not delete' IP entries with bash


Is there a way to remove CSF IPs (automatically, using bash) that have the comment # do not delete appended to them? For example, the list below:

    1.1.1.1 # do not delete
    1.2.3.4 # This is another IP # do not delete
    1.2.3.5 # This IP is bad # do not delete

If I remove the IP 1.1.1.1 using CSF like this:

    csf -dr 1.1.1.1

I will get this error:

    csf: 1.1.1.1 set as "do not delete" - not removed

Of course, I can remove this IP perfectly well by editing csf.deny and manually removing the comment # do not delete; then, when I run csf -d 1.1.1.1, it gets deleted.

Does CSF have an option to force-remove this entry, or is there an alternative way to do this automatically via a bash script? There are more than a few hundred entries that have this # do not delete, so this is not easy to do manually.


Solution

  • You can use the grep command without using csf -dr:

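    #!/bin/bash

    # IP to remove:
    ip="1.1.1.1"
    deny_file="/etc/csf/csf.deny"

    # Escape the dots so they match literally; as a regex, an unescaped
    # "1.1.1.1" would also match other entries such as "121.1.1.5".
    ip_re="^${ip//./\\.}([[:space:]]|#|\$)"

    # If the IP is found:
    if grep -Eq "${ip_re}" "${deny_file}"; then
      echo "IP found, removing and restarting csf ..."
      # Filter into a temp file next to csf.deny, then copy it back with cat
      # so that csf.deny keeps its original owner and permissions.
      tmp=$(mktemp "${deny_file}.XXXXXX") || exit 1
      grep -Ev "${ip_re}" "${deny_file}" > "${tmp}"
      cat "${tmp}" > "${deny_file}"
      rm -f "${tmp}"

      # Reload the rules so the removal takes effect:
      csf -r > /dev/null
    else
      echo "IP not found"
    fi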
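
For the few hundred entries mentioned in the question, the same idea can be applied to a whole list of IPs at once. The following is an added example, not code from the answer above or from CSF: `remove_deny_entries` and the file `ips.txt` are hypothetical names, and it assumes the one-entry-per-line layout shown in the question. It compares the first field as an exact string, so no regex escaping is needed, and it only drops lines that end with the # do not delete marker.

```shell
#!/bin/sh
# remove_deny_entries DENY_FILE IP_LIST   (hypothetical helper, not part of csf)
#   DENY_FILE: path to csf.deny; IP_LIST: file with one IP per line.
# Prints the number of removed lines; a copy is kept as DENY_FILE.bak.
remove_deny_entries() (
    deny_file=$1
    ip_list=$2
    tmp=$(mktemp "${deny_file}.XXXXXX") || exit 1
    cp -p "$deny_file" "${deny_file}.bak" || exit 1
    awk -v out="$tmp" '
        # First file: remember each IP as an exact string (no regex involved).
        FILENAME == ARGV[1] { if ($1 != "") want[$1] = 1; next }
        # Drop a line only if its first field is a wanted IP and it ends
        # with the marker; everything else is copied through unchanged.
        ($1 in want) && /#[ \t]*do not delete[ \t]*$/ { n++; next }
        { print > out }
        END { print n + 0 }
    ' "$ip_list" "$deny_file" || exit 1
    # cat back instead of mv so csf.deny keeps its owner and permissions.
    cat "$tmp" > "$deny_file" && rm -f "$tmp"
)

# Constructed sample data so the example runs without touching /etc/csf.
demo_dir=$(mktemp -d)
cat > "$demo_dir/csf.deny" <<'EOF'
1.1.1.1 # do not delete
1.1.1.10 # do not delete
121.1.1.5 # lookalike for the regex "1.1.1.1" # do not delete
1.2.3.4 # This is another IP # do not delete
1.2.3.5 # This IP is bad
EOF
printf '1.1.1.1\n1.2.3.4\n1.2.3.5\n' > "$demo_dir/ips.txt"

removed=$(remove_deny_entries "$demo_dir/csf.deny" "$demo_dir/ips.txt")
echo "removed $removed entries; remaining:"
cat "$demo_dir/csf.deny"
# On a real host: remove_deny_entries /etc/csf/csf.deny ips.txt && csf -r
```

Entries without the marker (1.2.3.5 in the sample) are left alone, since `csf -dr` already handles those.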