ConfigServer Firewall, also known as CSF, is a firewall configuration script created to provide better security for your server while giving you an advanced, easy-to-use interface for managing firewall settings.
In this article we will go through the steps for installing and configuring CSF.
Summary
This article contains information about:
- How to install CSF
- How to configure it
- How to use CSF as a firewall and intrusion detection system
In order to start with this tutorial you’re going to need a reliable Linux VPS provider. With our SSD based Linux VPS you won
Let’s get started!
Perl and libwww are prerequisites for installing CSF. Install them with yum on RHEL/CentOS or with apt on Debian/Ubuntu:
# yum install perl-libwww-perl
# apt install libwww-perl
Step 1 – Download CSF
# cd /usr/src
# wget https://download.configserver.com/csf.tgz
Step 2 – Extract the CSF tarball
# tar xzf csf.tgz
# cd csf
Step 3 – Run the CSF Installation Script
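The installation script will:
- Check that all dependencies are installed
- Create the necessary directory structures
- Detect currently open ports
- Restart the csf and lfd daemons after initial configuration
# sh install.sh
Once the installation finishes, test whether the required iptables modules are available:
# perl /usr/local/csf/bin/csftest.pl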
Output of the above command is as follows:
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server
Step 4 – Disable Firewall and Configure CSF
Stop and disable firewalld if it is running, then configure CSF.
# systemctl stop firewalld
# systemctl disable firewalld
In /etc/csf/csf.conf, change TESTING = "1" to TESTING = "0" and list the allowed incoming and outgoing ports as comma-separated lists, as shown below:
# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. incase you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
#
# lfd will not start while this is enabled
TESTING = "0"
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"
Save the changes and return to the command line.
Step 5 – Restart and Test CSF
# systemctl restart {csf,lfd}
# systemctl enable {csf,lfd}
# systemctl is-active {csf,lfd}
# csf -v
Setting up CSF and Intrusion Detection Rules
Inspect the current firewall rules as follows:
# csf -l
You can also flush (stop) the rules or restart the firewall to reload them with:
# csf -f
# csf -r
Check the rules again after making changes and restarting csf and lfd.
Example 1 – Allowing and Forbidding IP Addresses
To allow incoming connections from 192.168.0.10:
# csf -a 192.168.0.10
To deny connections originating from 192.168.0.11:
# csf -d 192.168.0.11
To remove each of the above rules:
# csf -ar 192.168.0.10
# csf -dr 192.168.0.11
The output will be as follows:
Use of -ar or -dr above removes existing allow and deny rules:
Example 2 – Limiting Incoming Connections by Source
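- Open /etc/csf/csf.conf
- Search for CONNLIMIT
- Specify one or more port;connections pairs, separated by commas
The setting below allows at most 2 concurrent new connections per source IP to port 22 and 10 to port 80:
CONNLIMIT = "22;2,80;10"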
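Before setting TESTING to "0" in Step 4 and adding CONNLIMIT entries as above, it is worth checking the edited file for the mistakes that cause lockouts or limits that never apply. The script below is an added example, not part of CSF or of the original tutorial: the function names, the SSH port argument and the sample file are constructed for illustration, and it reads only TESTING, TCP_IN and CONNLIMIT from a csf.conf-style file.

```shell
#!/bin/sh
# Added example (not part of CSF): pre-flight audit of a csf.conf-style file.

# Print the last value assigned to KEY on lines of the form: KEY = "value"
conf_get() {  # usage: conf_get KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if PORT is in a comma-separated port list; lo:hi entries are ranges.
port_listed() (  # usage: port_listed PORT LIST  (body runs in a subshell)
    IFS=,; set -f
    for item in $2; do
        case $item in
            *:*) [ "$1" -ge "${item%%:*}" ] && [ "$1" -le "${item##*:}" ] && exit 0 ;;
            *)   [ "$item" = "$1" ] && exit 0 ;;
        esac
    done
    exit 1
)

# Print one line per finding; the exit status is the number of problems.
audit_csf_conf() (  # usage: audit_csf_conf FILE SSH_PORT
    file=$1; ssh_port=$2; problems=0
    fail() { echo "PROBLEM: $1"; problems=$((problems + 1)); }
    tcp_in=$(conf_get TCP_IN "$file")

    [ "$(conf_get TESTING "$file")" = "0" ] || fail "TESTING is not 0, so lfd will not start"
    port_listed "$ssh_port" "$tcp_in" || fail "SSH port $ssh_port is not in TCP_IN (lockout risk)"

    IFS=,; set -f
    for pair in $(conf_get CONNLIMIT "$file"); do
        echo "$pair" | grep -Eq '^[0-9]+;[0-9]+$' ||
            { fail "CONNLIMIT entry '$pair' is not port;limit"; continue; }
        port_listed "${pair%%;*}" "$tcp_in" ||
            fail "CONNLIMIT port ${pair%%;*} is not open in TCP_IN"
    done
    exit "$problems"
)

# Constructed sample using this tutorial's values plus one limit on a closed port.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TESTING = "1"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
CONNLIMIT = "22;2,80;10,8080;5"
EOF
audit_csf_conf "$sample" 22 || echo "$? problem(s) found"
rm -f "$sample"
```

Run it against a copy of /etc/csf/csf.conf with the port your SSH daemon actually listens on, and restart csf only when it reports no problems.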
Example 3 – Sending Alerts via Email
- Open /etc/csf/csf.conf
- Search for the EMAIL_ALERT settings
- Set a setting to "1" to receive the corresponding alert, for example:
LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"
CSF Configuration Options and Usage
- The csf configuration files are located under the /etc/csf directory
- Edit them to modify and control the csf configuration
- Restart the csf daemon for changes to take effect
csf.conf :
The main configuration file for controlling CSF
csf.allow :
The list of allowed IPs and CIDR addresses on the firewall
csf.deny :
The list of denied IPs and CIDR addresses on the firewall
csf.ignore :
The list of ignored IPs and CIDR addresses on the firewall
csf.*ignore :
Various ignore files listing users and IPs
Remove CSF Firewall
Run the uninstall script located at /etc/csf/uninstall.sh.
# /etc/csf/uninstall.sh
It will erase the CSF firewall completely with all the files and folders.
Final Thoughts!
Congratulations on making it to the end! Let us know in the comments below if this tutorial worked, and if you liked it then you can share it among your friends.
I'm fascinated by the IT world and how the 1's and 0's work. While I venture into the world of Technology I try to share what I know in the simplest way possible. Not a fan of coffee, a sweet addict and a self accredited 'master chef'.