ConfigServer Firewall (CSF) is an Advanced Firewall. It is based on IPTABLES Firewall Linux. In addition to the basic functionality of a firewall, CSF includes more features like excess login, Flood, intrusion, etc. CSF includes UI Integration for cPanel, DirectAdmin, InterWorx, CentOS Web Panel (CWP), VestaCP, CyberPanel, and Webmin.
This article is for Debian based distro such as Debian and Ubuntu. All the commands must be executed with root permissions, either by login with root or by “sudo”.
Features of CSF:
- SYN Flood protection
- Ping of death protection
- Port Scan tracking and blocking
- Permanent and Temporary IP blocking
- Port Flooding Detection
- Excessive connection blocking
- Mod_security failures
- POP3/IMAP login tracking to enforce logins per hour
- SSH login notification
- Block traffic on a variety of Block Lists
- Country Allowing and Country Blocking
Installation of CSF:
Step 1: Downloading CSF
Download CSF files from its website.
Step 2: Extract CSF.tgz
Uncompress the downloaded file CSF.tgz.
tar -xzf csf.tgz
Step 3: Disabling other Firewalls
In Debian based Linux distributions like Ubuntu contains UFW Firewall. RedHat based Linux distributions as CentOS contains Firewalld. These other firewalls must be disabled to use CSF Firewall.
For Ubuntu/Debian Users:
For CentOS/RedHat Users:
systemctl stop firewalld systemctl disable firewalld
Step 4: Install CSF
cd csf sh install.sh
After installation, You should get the information that “CSF installation is completed” at the end.
Now check that if CSF will work or not in the server.
If you see “CSF should function on this server”, then CSF will run without problems on your server.
Step 5: Advance CSF Configuration
Edit csf.conf for advance security of firewall.
Turn OFF Testing:
Testing = "0"
Only open required ports. Chances of attacks increases if you open more ports.
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995" TCP_OUT = "20,21,22,25,53,80,110,113,443" UDP_IN = "20,21,53" UDP_OUT = "20,21,53,113,123"
These are the default ports which are opened in CSF you can edit as per your requirnment.
ICMP_IN: ICMP_IN “1” allows ping to your server and 0 refuses the ping. I recommend to set it 0 because DDoS attacks also occur via too many pings at once.
ICMP_IN_LIMIT: Sets number of ICMP request allowed per IP address per Second (1/s)
Configuring PACKET FILTER
PACKET_FILTER Filters all invalid, unwanted, and illegal packets that are incoming to the server.
SYNFLOOD, SYNFLOOD_RATE, and SYNFLOOD_BURST This offers protection against SYN flood attacks. This slows down the initialization of every connection, so you should enable this only if you know that your server is under attack.
CONNLIMIT: It limits the active connection on port
This will allow 10 connections on port 80 and 25 connections on port 443 at once.
PORTFLOOD: It allows a number of new connections made at a specific time interval to a specific port.
This would block the IP address if more than 15 connections on port 80 using UDP protocol in 100 Seconds.
Configuring Country Blocking
This is a great feature of the CSF Firewall. You can block or allow a specific country on your server. If you want to allow your website for specific country you can block rest country here so incoming attacks changes get reduced and your server gets more secured.
CC_DENY = "US,UK" CC_ALLOW = "IN"
CC_DENY will block the specified country
CC_ALLOW will allow the specific country
Configuring SU and SSH Login alerts
LF_SSH_EMAIL_ALERT = "1" LF_SU_EMAIL_ALERT = "1" LF_ALERT_TO = "[email protected]"
Set “1” to enable and “0” to disable alerts.
Save and Exit the CSF.conf file
Step 6: Basic CSF Commands
Start the CSF Firewall:
Reload the CSF Firewall:
Flush the CSF Firewall: