CSF Installation Guide Over Several Linux Distributions | Security | Linux Administration
CSF Installation Guide
Installation Guide – CSF
Config Server Firewall, widely known as CSF is used to enhance the security of server’s or system’s running over various Linux distributions (generic Linux OS). CSF can be installed over Linux based Plain machines, VPS or Servers. It also provides preconfigured configurations and control panel UI’s for cPanel, DirectAdmin, and Webmin.
Let’s begin with installation folks.
Installation Commands
cd /usr/src
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Test whether you have the required iptables modules:
perl /usr/local/csf/bin/csftest.pl
Configuring CSF
Edit file /etc/csf/csf.conf to configure CSF
Vim /etc/csf/csf.conf
Enabling CSF from Testing to Production Mode, by changing 1 to 0.
TESTING = "0"
Allowing Basic Ports through CSF
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995" TCP_OUT = "20,21,22,25,53,80,110,113,443" UDP_IN = "20,21,53" UDP_OUT = "20,21,53,113,123"
Apply the changes by Restarting CSF Firewall.
csf -r
Especially, CSF offers a wide range of other settings which are not listed in this tutorial. The default settings offered are generally good and can be used on almost any server. CSF offers prevention from several types of attacks which almost includes:
Login Tracking, Process Tracking, Directory Watching, Advanced Allow/Deny Filters, Block Reporting, Port Flood Protection, External Pre- and Post- Scripts, Port Knocking, Connection Limit Protection, Port/IP address Redirection, IP Block Lists, Exim SMTP AUTH Restriction.
Detailed instructions about the usage of these services can be read from CSF official documentation.
Useful CLI Commands For CSF
- Start the firewall
csf -s
- Flush/Stop firewall
csf -f
- Restart the firewall
csf -r
- Allow an IP and add to /etc/csf/csf.allow
csf -tr 192.168.0.1
- Remove an IP from temporarily allow list
csf -tr 192.168.0.1
- Flush all IPs from the temporarily allow list
csf -tf 192.168.0.1
- Deny an IP and add to /etc/csf/csf.deny
csf -d
- Unblock an IP and remove from /etc/csf/csf.deny
csf -dr 192.168.0.1
- Remove and unblock all entries in /etc/csf/csf.deny
csf -df 192.168.0.1
Finally, we are coming to an end. Hope this tutorial would be “AS STRAIGHT AS ARROW” for you all. Kindly support & share if you find this tutorial helpful.
hey there and thank you for yopur info ? I have definitely picked up
something new from rifht here. I ddid hwever expertise a few technical points using tbis web site, as I experienced to reload the web site lots of times
previous to I could get itt to load properly.
I had been wondering if your weeb host is OK? Nott that I am
complaining, but slow loading instances times will sometimes
affect your placement inn googgle and could damage yor quality score iff ads
and marketing with Adwords. Anyway I’m adding this RSS to my e-mail and can look out for mjch morde of your respective fascinating content.
Make sure you update this again very soon.