The ConfigServer Firewall (CSF) is one of the most popular and advanced firewall suites available for Linux machines. Though it has more advanced configuration options, it's too easy to install and flexible to configure. This article will guide you in installing CSF.
Please note that the following tutorial only applies to VPS or Dedicated Servers.
1. Log in to your server via SSH with the root user and retrieve the CSF package files using the wget command.
wget https://download.configserver.com/csf.tgz
2. Unpack the downloaded archive.
tar xfz csf.tgz
3. Navigate to the uncompressed csf directory.
cd csf
4. Run the installer.
sh install.sh
It will create the configuration file and add the necessary cPanel services to allow the list. Once the firewall is installed, you will see a message similar to the following –
TCP ports currently listening for incoming connections:
21, 22, 25, 53, 80, 110, 143, 443, 465, 993, 995, 2077, 2078, 2082, 2083, 2086, 2087, 2095, 2096, 3306
UDP ports currently listening for incoming connections:
53,123
Note
The port details above are for information only; CSF hasn't been auto-configured.
Don't forget -
1. Configure the TCP_IN, TCP_OUT, UDP_IN, and UDP_OUT options in the CSF configuration to suit your server.
2. Restart CSF and LFD.
3. Set TESTING to 0 once you're satisfied with the firewall.
Adding the current SSH session IP Address to the CSF whitelist in csf.allow:
Adding 10.30.6.17 to csf.allow only while in TESTING
mode (not iptables ACCEPT)
*WARNING* TESTING mode is enabled
- do not forget to disable it in the configuration
Installation Completed
1. Start CSF testing mode by following this command –
systemctl start csf
2. Once you finish the testing, bring CSF out of testing mode by editing the csf.conffile.
3. Open this file in any editor of your choice; we have used Nano Editor to edit this file as follows –
nano /etc/csf/csf.conf
4. At the top of this file, you will find the following text block –
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
TESTING = "1"
5. Edit the last line of this block and save the changes.
TESTING = "0"
6. Restart the CSF.
That's it; your CSF firewall is up and running.
systemctl restart csf