List of content you will read in this article:
- 1. What is CSF?
- 2. How to Install ConfigServer Firewall on Linux
- 3. How to Configure CSF
- 4. How to Remove CSF Firewall
- 5. Final Thoughts
Firewalls are one of the key steps to having a secure server. They analyze incoming traffic based on pre-established rules and filter out traffic from unsecure or suspicious sources. While it is best to have both hardware and software firewalls, our focus today lies on the latter. More specifically, we will discuss the ConfigServer Firewall (i.e., CSF) and show you how to install it on Linux systems. Let’s get right into it.
What is CSF?
ConfigServer Firewall, also known as CSF, is a firewall configuration script created to provide better security for your server while giving you an advanced, easy to use interface for managing firewall settings.
How to Install ConfigServer Firewall on Linux
In this article, we will go through the steps on installing and configuring CSF. Today we will show you:
- How to install CSF
- How to configure it
- How to use CSF as a firewall and intrusion detection system
In order to start with this tutorial, you’re going to need a reliable Linux VPS provider. With our SSD-based Linux VPS, you have all the hardware ready, so let’s get started!
The Prerequisites:
Perl and libwww are prerequisites to install CSF.
# yum install perl-libwww-perl
# apt install libwww-perl
Step 1: Download CSF
# cd /usr/src
# wget https://download.configserver.com/csf.tgz
Step 2: Extract the CSF tarball
# tar xzf csf.tgz
# cd csf
Step 3: Run the CSF Installation Script
- Check all dependencies are installed
- Create the necessary directory structures
- Detect currently open ports
- restart the csf and lfd daemons after initial configuration
# sh install.sh
# perl /usr/local/csf/bin/csftest.pl
The output of the above command will look like this:
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server
Step 4: Disable Firewall and Configure CSF
Disable firewalld (if running) and configure CSF
# systemctl stop firewalld
# systemctl disable firewalld
Change TESTING = "1" to TESTING = "0" and list allowed incoming and outgoing ports as a comma-separated list in /etc/csf/csf.conf as shown in output:
# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. incase you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
#
# lfd will not start while this is enabled
TESTING = "0"
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"
Save the changes and return to the command line.
Step 5: Restart and Test CSF
# systemctl restart {csf,lfd}
# systemctl enable {csf,lfd}
# systemctl is-active {csf,lfd}
# csf -v
Step 6: Setting up CSF and Intrusion Detection Rules
Inspect the current firewall rules as follows:
# csf -l
You can also stop them or reload them with:
# csf -f
# csf -r
Check after making changes and restarting csf and lfd.
How to Configure CSF
Here are some examples of how you can use the CSF firewall to whitelist and blacklist IPs, limit incoming connections, and send alerts via email. Of course, there is still much more you can do with CSF.
Example 1 – Allowing and Forbidding IP Addresses
To allow incoming connections from 192.168.0.10.
# csf -a 192.168.0.10
You can deny connections originating from 192.168.0.11.
# csf -d 192.168.0.11
Remove each of the above rules.
# csf -ar 192.168.0.10
# csf -dr 192.168.0.11
The output will be as follows:
Use of -ar or -dr above removes existing allow and deny rules:
Example 2 – Limiting Incoming Connections by Source
- Open /etc/csf/csf.conf
- Search for CONNLIMIT
- Specify multiple ports
- connections pairs separated by commas
CONNLIMIT = "22;2,80;10"
Example 3 – Sending Alerts via Email
- Look for EMAIL_ALERT
- Search in /etc/csf/csf.conf
- Set to "1" to receive
LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"
CSF Configuration Options and Usage
- Modify and control csf configuration
- Configuration files of csf are located under /etc/csf directory
- Restart the csf daemon to make changes
csf.conf : The main configuration file for controlling CSF
csf.allow : The list of allowed IP’s and CIDR addresses on the firewall
csf.deny : The list of denied IP’s and CIDR addresses on the firewall
csf.ignore : The list of ignored IP’s and CIDR addresses on the firewall
csf.*ignore : The list of various ignore files of users, IP’s
How to Remove CSF Firewall
Run the following script located under /etc/csf/uninstall.sh directory.
# /etc/csf/uninstall.sh
It will erase the CSF firewall completely with all the files and folders.
Final Thoughts
Congratulations on making it to the end of this tutorial! We hope you are now more acquainted with firewalls, their importance, and what they do. Let us know in the comments below if this installation tutorial worked, and if you liked it then you can share it with your friends.
I'm fascinated by the IT world and how the 1's and 0's work. While I venture into the world of Technology, I try to share what I know in the simplest way with you. Not a fan of coffee, a travel addict, and a self-accredited 'master chef'.