How to Install and Configure CSF Firewall on Linux

ConfigServer Security & Firewall (CSF) is a popular and powerful firewall solution for Linux servers. It provides a user-friendly interface and a wide range of security features to protect your server from various threats. In this article, we will guide you through the process of installing and configuring CSF on your Linux server.

Step 1: Prerequisites

Before installing CSF, ensure that your server meets the following prerequisites:

A Linux server running CentOS, Debian, Ubuntu, or any other compatible Linux distribution.
Root access or a user account with sudo privileges.
Perl installed on your server. If Perl is not installed, you can install it by running the following commands:
- For CentOS/RHEL:
```
sudo yum install perl 
```
- For Debian/Ubuntu:
```
sudo apt-get update 
sudo apt-get install perl 
```

Step 2: Download and Install CSF

To download and install CSF, follow these steps:

Log in to your server via SSH.
Download the latest version of CSF using the wget command:
```
wget https://download.configserver.com/csf.tgz 
```
Extract the downloaded archive:
```
tar -xzf csf.tgz 
```
Navigate to the extracted directory:
```
cd csf 
```
Run the installation script:
```
sudo sh install.sh 
```

CSF will now be installed on your server, along with its Web UI (ConfigServer Firewall & Security) if you have a control panel like cPanel or DirectAdmin installed.

Step 3: Testing the Firewall

Before enabling and configuring CSF, it is crucial to test whether it is compatible with your server. Run the following command to initiate the test:

sudo perl /usr/local/csf/bin/csftest.pl

The test will check for any potential issues or conflicts. If the test completes successfully, you will see the message “RESULT: csf should function on this server.” If there are any problems, the test will provide information on how to resolve them.

Step 4: Configuring CSF

Now that CSF is installed, you can start configuring it to suit your server’s requirements. The main configuration file for CSF is located at /etc/csf/csf.conf. You can use your preferred text editor to modify the file, such as nano or vim:

sudo nano /etc/csf/csf.conf

Some essential settings you may want to modify include:

TESTING: Set this value to 0 to disable testing mode and activate the firewall.
TCP_IN and TCP_OUT: These settings define the allowed incoming and outgoing TCP ports, respectively. Add or remove ports as required, separated by commas.
UDP_IN and UDP_OUT: These settings define the allowed incoming and outgoing UDP ports, respectively. Add or remove ports as required, separated by commas.
DENY_IP_LIMIT: This setting defines the maximum number of IP addresses that can be listed in the /etc/csf/csf.deny file. Adjust this limit as needed.
CT_LIMIT: This setting controls the number of connections from a single IP address that are allowed before the IP is temporarily blocked. Adjust this value according to your server’s requirements.

These are just a few of the numerous configuration options available in CSF. Make sure to review the configuration file and adjust the settings to suit your server’s needs. After making changes to the configuration file, save and exit the text editor.

Step 5: Enabling CSF Firewall

Once you have configured the CSF firewall, it is time to enable it. To do so, run the following command:

sudo csf -e

This command will restart the CSF and LFD (Login Failure Daemon) services, applying your configuration changes and activating the firewall.

Step 6: Managing the Firewall

CSF provides several commands to manage the firewall, such as:

Start the firewall: `sudo csf -s`
Stop the firewall: `sudo csf -f`
Restart the firewall: `sudo csf -r`
List the current firewall rules: `sudo csf -l`
Add an IP address to the allow list: `sudo csf -a IP_ADDRESS`
Remove an IP address from the allow list: `sudo csf -ar IP_ADDRESS`
Add an IP address to the deny list: `sudo csf -d IP_ADDRESS`
Remove an IP address from the deny list: `sudo csf -dr IP_ADDRESS`
Temporarily block an IP address: `sudo csf -td IP_ADDRESS`
Remove a temporary block on an IP address: `sudo csf -tr IP_ADDRESS`

These commands can help you manage your server’s security and monitor incoming and outgoing traffic.

Step 7: Uninstalling CSF (Optional)

If you decide to uninstall CSF for any reason, follow these steps:

Navigate to the CSF directory:
```
cd /etc/csf 
```
Run the uninstallation script:
```
sudo sh uninstall.sh 
```

The script will remove CSF and its associated files from your server.

Conclusion

Installing and configuring the CSF firewall on your Linux server is an essential step in securing your server and protecting it from potential threats. This step-by-step guide has walked you through the process of installing, configuring, and managing the CSF firewall. By implementing CSF on your server, you can enhance its security and have greater control over your server’s traffic, ensuring a safer environment for your applications and data.

2 Comments

Paran patel on November 25, 2013 6:05 pm
Nice tutorial….. after installing csf I have added some custom rules using iptables command but rules flushed after csf restart…. plz help me to how can I add rules….
- Rahul on November 27, 2013 4:06 am
  Hi Paran,
  Read below post to implement custom iptables rules with CSF
  http://tecadmin.net/add-custom-iptables-rules-with-csf/

Reply To Paran patel Cancel Reply