CSF Installation Guide Over Several Linux Distributions | Security | Linux Administration
Installation Guide – CSF
Config Server Firewall, widely known as CSF is used to enhance the security of server’s or system’s running over various Linux distributions (generic Linux OS). CSF can be installed over Linux based Plain machines, VPS or Servers. It also provides preconfigured configurations and control panel UI’s for cPanel, DirectAdmin, and Webmin.
Let’s begin with installation folks.
tar -xzf csf.tgz
Test whether you have the required iptables modules:
Edit file /etc/csf/csf.conf to configure CSF
Enabling CSF from Testing to Production Mode, by changing 1 to 0.
TESTING = "0"
Allowing Basic Ports through CSF
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995" TCP_OUT = "20,21,22,25,53,80,110,113,443" UDP_IN = "20,21,53" UDP_OUT = "20,21,53,113,123"
Apply the changes by Restarting CSF Firewall.
Especially, CSF offers a wide range of other settings which are not listed in this tutorial. The default settings offered are generally good and can be used on almost any server. CSF offers prevention from several types of attacks which almost includes:
Login Tracking, Process Tracking, Directory Watching, Advanced Allow/Deny Filters, Block Reporting, Port Flood Protection, External Pre- and Post- Scripts, Port Knocking, Connection Limit Protection, Port/IP address Redirection, IP Block Lists, Exim SMTP AUTH Restriction.
Detailed instructions about the usage of these services can be read from CSF official documentation.
Useful CLI Commands For CSF
- Start the firewall
- Flush/Stop firewall
- Restart the firewall
- Allow an IP and add to /etc/csf/csf.allow
csf -tr 192.168.0.1
- Remove an IP from temporarily allow list
csf -tr 192.168.0.1
- Flush all IPs from the temporarily allow list
csf -tf 192.168.0.1
- Deny an IP and add to /etc/csf/csf.deny
- Unblock an IP and remove from /etc/csf/csf.deny
csf -dr 192.168.0.1
- Remove and unblock all entries in /etc/csf/csf.deny
csf -df 192.168.0.1
Finally, we are coming to an end. Hope this tutorial would be “AS STRAIGHT AS ARROW” for you all. Kindly support & share if you find this tutorial helpful.