
How to Install and Configure ConfigServer Firewall on Linux


ConfigServer Firewall (CSF) is an advanced firewall built on the Linux iptables firewall. In addition to basic firewall functionality, CSF includes features such as excessive-login, flood and intrusion detection. CSF includes UI integration for cPanel, DirectAdmin, InterWorx, CentOS Web Panel (CWP), VestaCP, CyberPanel, and Webmin.

This article is for Debian-based distributions such as Debian and Ubuntu. All commands must be executed with root permissions, either by logging in as root or by using “sudo”.

Features of CSF:

  • SYN Flood protection
  • Ping of death protection
  • Port Scan tracking and blocking
  • Permanent and Temporary IP blocking
  • Port Flooding Detection
  • Excessive connection blocking
  • Mod_security failures
  • POP3/IMAP login tracking to enforce logins per hour
  • SSH login notification
  • Block traffic on a variety of Block Lists
  • Country Allowing and Country Blocking

Installation of CSF:

Step 1: Downloading CSF

Download CSF files from its website.

wget http://download.configserver.com/csf.tgz

Step 2: Extract csf.tgz

Uncompress the downloaded file csf.tgz.

tar -xzf csf.tgz

Step 3: Disabling other Firewalls

Debian-based Linux distributions such as Ubuntu ship with the UFW firewall, and Red Hat-based distributions such as CentOS ship with firewalld. These other firewalls must be disabled before CSF is used.

For Ubuntu/Debian Users:

ufw disable

For CentOS/RedHat Users:

systemctl stop firewalld
systemctl disable firewalld

Step 4: Install CSF

cd csf
sh install.sh

After installation, you should see the message “CSF installation is completed” at the end.

Now check whether CSF will work on the server.

perl /usr/local/csf/bin/csftest.pl

If you see “CSF should function on this server”, then CSF will run without problems on your server.

Step 5: Advanced CSF Configuration

Edit csf.conf (/etc/csf/csf.conf) for advanced firewall security.

Turn OFF Testing:

TESTING = "0"

Configuring ports

Open only the ports you need. The more ports you open, the greater the chance of an attack.

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
TCP_OUT = "20,21,22,25,53,80,110,113,443"
UDP_IN = "20,21,53"
UDP_OUT = "20,21,53,113,123"

These are the default ports opened in CSF; you can edit them as per your requirements.

Configuring ICMP

ICMP_IN: Setting ICMP_IN to “1” allows ping to your server and “0” refuses ping. I recommend setting it to 0 because DDoS attacks can also occur via too many pings at once.

ICMP_IN_LIMIT: Sets the number of ICMP requests allowed per IP address per second (1/s).

Configuring PACKET FILTER

PACKET_FILTER: Filters all invalid, unwanted, and illegal packets incoming to the server.

Configuring SYNFLOOD

SYNFLOOD, SYNFLOOD_RATE, and SYNFLOOD_BURST: These offer protection against SYN flood attacks. Enabling them slows down the initialization of every connection, so you should enable this only if you know that your server is under attack.

Configuring CONNLIMIT

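CONNLIMIT: Limits the number of concurrent connections to a port from each IP address. Each entry is port;limit, and entries are separated by commas.

CONNLIMIT = "80;10,443;25"

This will allow 10 connections on port 80 and 25 connections on port 443 at once.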

Configuring PORTFLOOD

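PORTFLOOD: Limits the number of new connections that can be made to a specific port within a specific time interval. Each entry is port;protocol;connection count;interval in seconds.

PORTFLOOD = "27015;udp;15;100"

This would block an IP address if it makes more than 15 connections to port 27015 using the UDP protocol within 100 seconds.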

Configuring Country Blocking

This is a great feature of the CSF Firewall. You can block or allow specific countries on your server. If your website is meant for a specific country, you can block the other countries here, which reduces the chance of incoming attacks and makes your server more secure. Countries are given as two-letter ISO country codes, so the United Kingdom is GB.

CC_DENY = "US,GB"
CC_ALLOW = "IN"

CC_DENY will block the specified countries.

CC_ALLOW will allow the specified countries.

Configuring SU and SSH Login alerts

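LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"
LF_ALERT_TO = "you@example.com"

Set “1” to enable and “0” to disable alerts. LF_ALERT_TO is the address that receives them; you@example.com is a placeholder for your own address.

Save and exit the csf.conf file.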
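Before starting the firewall, the Step 5 settings can be checked for syntax mistakes. The script below is an added example, not part of CSF or of the original article. It assumes the entry formats port;limit for CONNLIMIT and port;protocol;hits;seconds for PORTFLOOD, and its sample configuration is constructed with deliberate mistakes.

```python
import re

# Constructed sample in csf.conf syntax (KEY = "value"), with deliberate mistakes.
SAMPLE = '''
# test mode left on, CONNLIMIT missing a comma, UK instead of GB
TESTING = "1"
CONNLIMIT = "80;10;443;25"
PORTFLOOD = "27015;udp;15;100"
CC_DENY = "US,UK"
'''

LINE = re.compile(r'^\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"')

def parse(text):
    """Return {KEY: value} for every KEY = "value" line; comment lines do not match."""
    conf = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf

def _port(s):
    return s.isdigit() and 1 <= int(s) <= 65535

def audit(text):
    """Return a list of findings for the settings covered in Step 5."""
    conf, out = parse(text), []
    if conf.get("TESTING") != "0":
        out.append("TESTING is not 0: the firewall is still in test mode")
    for entry in filter(None, conf.get("CONNLIMIT", "").split(",")):
        f = entry.split(";")            # expected: port;limit
        if len(f) != 2 or not _port(f[0]) or not f[1].isdigit():
            out.append(f"CONNLIMIT entry {entry!r} is not port;limit")
    for entry in filter(None, conf.get("PORTFLOOD", "").split(",")):
        f = entry.split(";")            # expected: port;protocol;hits;seconds
        if (len(f) != 4 or not _port(f[0]) or f[1] not in ("tcp", "udp")
                or not f[2].isdigit() or not f[3].isdigit()):
            out.append(f"PORTFLOOD entry {entry!r} is not port;protocol;hits;seconds")
    for key in ("CC_DENY", "CC_ALLOW"):
        for cc in filter(None, conf.get(key, "").split(",")):
            if not re.fullmatch(r"[A-Z]{2}", cc) or cc == "UK":   # ISO code for the UK is GB
                out.append(f"{key} code {cc!r} is not an ISO 3166-1 alpha-2 code")
    return out

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN", finding)
```

To check a real server, pass the contents of /etc/csf/csf.conf to audit() instead of SAMPLE.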

Step 6: Basic CSF Commands

Start the CSF Firewall:

csf -s

Reload the CSF Firewall:

csf -r

Flush the CSF Firewall:

csf -f
