Facebook Twitter Instagram
    TecAdmin
    • Home
    • FeedBack
    • Submit Article
    • About Us
    Facebook Twitter Instagram
    TecAdmin
    You are at:Home»Security»How to Install and Configure CSF Firewall on Linux

    How to Install and Configure CSF Firewall on Linux

    By RahulNovember 19, 20153 Mins ReadUpdated:August 10, 2017

    ConfigServer Security & Firewall (CSF) is an iptables based firewall. It provides high level of security to Linux server using iptables. The installation of csf is very simple and straightforward. CSF supports most of commonly used Linux operating systems like Red Hat Enterprise Linux, CentOS, CloudLinux, Fedora, openSUSE, Debian, Ubuntu & Slackware. Read more about CSF. Follow the below steps to install CSF firewall in your Linux operating system and do some configuration.

    Advertisement

    LFD stands for Login Failure Daemon. Its an process that actively monitors the log file for user login entries and send the alerts to admin on basis of configured rules. read more about CSF.

    Install CSF Firewall

    This article will help you to install CSF on Linux system with very easy steps.

    Step 1: Download CSF Source Archive

    Download latest CSF archive source code from its official site and extract on your Linux box. Then extract source code.

    # cd /tmp
    # wget http://download.configserver.com/csf.tgz
    # tar xzf csf.tgz
    

    Step 2: Install CSF Firewall

    CSF provides a bash script to easily install it on any operating system. This script automatically detects your operating system and install CSF accordingly. Run install.sh script.

    # cd /opt/csf
    # sh install.sh
    

    Step 3: Test iptables modules

    Run the csftest.pl perl script to verify if all the required iptables modules are installed on your system to make is proper working.

    # perl /usr/local/csf/bin/csftest.pl
    
    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...OK
    Testing ipt_multiport/xt_multiport...OK
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...OK
    Testing ipt_limit/xt_limit...OK
    Testing ipt_recent...OK
    Testing xt_connlimit...OK
    Testing ipt_owner/xt_owner...OK
    Testing iptable_nat/ipt_REDIRECT...OK
    Testing iptable_nat/ipt_DNAT...OK
    
    RESULT: csf should function on this server
    

    Step 4: Enable and Restart CSF

    After successfully installing CSF on your system, You need to change following setting in csf.conf to enable CSF.

    # vim /etc/csf/csf.conf
    
    TESTING=0 
    

    Now type the following command on the terminal to restart CSF firewall and reload new changes.

    # csf -r
    

    Additional Settings:-

    Step 5: Enable CSF Web UI

    Use our following tutorial to enable web UI for CSF firewall on Linux system.

    https://tecadmin.net/how-to-enable-csf-firewall-web-ui/

    Step 6: Prevent DDOS Attacks

    Configure CSF+LDF to prevent server from DDOS attacks. To enable it edit /etc/csf/csf.conf and update following settings.

  • Total number of connections allowed from single host. To disable this feature, set this to 0
    CT_LIMIT = "20"
    
  • Connection Tracking interval in seconds.
    CT_INTERVAL = "30"
    
  • Sent email alerts for each blocked ip.
    CT_EMAIL_ALERT =1
    
  • Set this to 1 to block ips permanent.
    CT_PERMANENT = 1
    
  • If you opt for temporary IP blocks for CT, then the following is the interval
    in seconds that the IP will remained blocked

    CT_BLOCK_TIME = 1800
    
  • If you only want to count specific ports (e.g. 22,23,80,443) then add the ports. else keep it empty to check all ports
    CT_PORTS = "22,23,80,443"
    
  • CSF firewall iptables linux firewall server firewall
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp

    Related Posts

    An Introduction to the “./configure” Command: Compiling Source Code in Linux

    Getting Started with Linux Command line: The Beginning

    Backing Up Your Linux System with Rsync: A Step-by-Step Guide

    View 2 Comments

    2 Comments

    1. Paran patel on November 25, 2013 6:05 pm

      Nice tutorial….. after installing csf I have added some custom rules using iptables command but rules flushed after csf restart…. plz help me to how can I add rules….

      Reply
      • Rahul on November 27, 2013 4:06 am

        Hi Paran,

        Read below post to implement custom iptables rules with CSF

        http://tecadmin.net/add-custom-iptables-rules-with-csf/

        Reply

    Leave A Reply Cancel Reply

    Advertisement
    Recent Posts
    • Error: EACCES: permission denied, scandir (Resolved)
    • How To Install Python 3.11 on Ubuntu 22.04 / 20.04
    • How to Install Python 3.11 on Amazon Linux 2
    • An Introduction to the “./configure” Command: Compiling Source Code in Linux
    • How to Install PHP 8.x on Pop!_OS
    Facebook Twitter Instagram Pinterest
    © 2023 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.