CSF ConfigServer Firewall

Install and Configure CSF ConfigServer Firewall

About CSF Firewall

ConfigServer Security and Firewall, also known as CSF, is an open-source software firewall application that works on top of iptables. It is a firewall configuration script created to provide better security for your server while giving you an easy-to-use, advanced interface for managing your firewall settings. CSF configures your server’s firewall to lock down public access to services and only allow certain connections, such as logging in to FTP, checking your email, or loading your websites.

 

Features

ConfigServer Firewall (CSF) provides:

  • Straightforward SPI iptables firewall script
  • Daemon process checking
  • Login authentication failure checks (ssh, mail server, ftp, webmin, virtualmin & cpanel)
  • SSH & SU login notification
  • Alert for spam mail scripts
  • Suspicious process reporting
  • Excessive user processes reporting
  • Suspicious file reporting
  • BOGON packet protection
  • Port scan tracking and blocking
  • Permanent and temporary IP blocking
  • IPv6 support with ip6tables
  • Permanent and temporary IP allow
  • SYN flood protection
  • IDS (Intrusion Detection System)
  • Connection tracking and blocking
  • Typical DoS and flood protection and blocking
  • Distributed attacks blocking
  • Suhosin failures
  • Mod_security failures (v1 and v2)
  • And more

 

Install ConfigServer Firewall

This article explains how to install and configure ConfigServer Security & Firewall (CSF) on Linux. I tested this on my CentOS 7 server, but the installation procedure is the same for all Linux distributions.

Make sure you have installed the following Perl modules. These modules are required for the Statistical Graphs available from the csf UI. They depend on graphical libraries being installed for your OS (e.g. libgd, libpng, etc.). The Perl module itself can be installed as shown below.

On RedHat/CentOS:

On Debian/Ubuntu:

Now, download the latest CSF from the official download page.

Extract the csf.tgz file using the command:

A word of caution: You should not run any other iptables firewall configuration script alongside CSF. For example, if you previously used APF (Advanced Policy Firewall) + BFD (Brute Force Detection), you must remove that combination, otherwise it will conflict with CSF:

Go to the csf directory,

… and run the following command to remove APF and BFD:

Sample output:

Removing apf and/or bfd…

As you see in the above output, I don’t have APF & BFD on my system.

Now, let us go further and install CSF using the command:

Sample output:

After installing CSF, you can safely remove the zip file and csf directory using the command:

Next, test whether you have the required iptables modules:

Sample output:

Cool. CSF should work on our server.

 

Configure CSF

Now, you should configure the TCP_IN, TCP_OUT, UDP_IN and UDP_OUT options in the csf configuration to suit your server.

To do that, edit the csf.conf file.

Make the following changes:

Go through the configuration file completely and make the changes your server requires. Once you have made all changes, enable CSF by changing the line TESTING="1" to TESTING="0" in the csf.conf file.

Save and close the file.
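The review described above (TESTING switched to "0" and the four port lists checked) can be scripted before you start the service. This is an added example, not part of the original article or of CSF itself; the sample config is constructed, and the WATCH_IN port list and MAX_RANGE threshold are illustrative assumptions.

```sh
#!/bin/sh
# Added example: lint the csf.conf settings this article tells you to edit.
WATCH_IN="23,3306"   # assumption: inbound ports to question (telnet, MySQL)
MAX_RANGE=1000       # assumption: ranges this wide deserve a second look

# Print the quoted value of KEY; accepts both KEY="v" and KEY = "v".
csf_get() {  # usage: csf_get FILE KEY
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Print one finding per line; no output means every check passed.
csf_audit() {  # usage: csf_audit FILE
  conf=$1
  [ "$(csf_get "$conf" TESTING)" = "0" ] || echo "TESTING: not \"0\", CSF is not enabled yet"
  for key in TCP_IN TCP_OUT UDP_IN UDP_OUT; do
    ports=$(csf_get "$conf" "$key")
    [ -n "$ports" ] || { echo "$key: no ports listed"; continue; }
    for entry in $(printf '%s' "$ports" | tr ',' ' '); do
      lo=${entry%%:*}; hi=${entry##*:}   # "a:b" is a range; "a" gives lo=hi
      case "$lo:$hi" in                  # non-digits, empty side, leading zero
        *[!0-9:]*|:*|*:|0*|*:0*) echo "$key: malformed entry '$entry'"; continue ;;
      esac
      if [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
        echo "$key: out-of-range entry '$entry'"
      elif [ $((hi - lo)) -ge "$MAX_RANGE" ]; then
        echo "$key: wide range '$entry'"
      fi
      case "$key:,$WATCH_IN," in         # watch list applies to *_IN keys only
        *_IN:*",$entry,"*) echo "$key: review inbound port $entry" ;;
      esac
    done
  done
  return 0
}

# Constructed sample in csf.conf syntax (not a real server's config).
write_sample() {  # usage: write_sample FILE
  cat > "$1" <<'EOF'
TESTING = "1"
TCP_IN = "22,23,80,443,3306,30000:35000"
TCP_OUT = "22,25,53,80,443"
UDP_IN = "53"
UDP_OUT = "53,123,12x"
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && csf_audit "$tmp"
rm -f "$tmp"
```

On a real server, point `csf_audit` at /etc/csf/csf.conf and resolve every finding before starting the service.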

Now, start CSF service as shown below.

Note: You don’t have to run the “chkconfig” command in Debian/Ubuntu.

Sample output:

CSF Configuration has been done…!!

Next, we will discuss the CSF configuration files and their usage.

CSF Configuration Files

You can view the csf command line options by using either:

Or

These options allow you to easily and quickly control and view csf.

All the configuration files for csf are in /etc/csf and include:

  • csf.conf: The main configuration file; it has helpful comments explaining what each option does
  • csf.allow: A list of IPs and CIDR addresses that should always be allowed through the firewall
  • csf.deny: A list of IPs and CIDR addresses that should never be allowed through the firewall
  • csf.ignore: A list of IPs and CIDR addresses that lfd should ignore and not block if detected
  • csf.*ignore: Various ignore files that list files, users and IPs that lfd should ignore. See each file for its specific purpose and syntax.

Restart the csf service after making any changes to the configuration files.

To restart csf service, run:

CSF Usage

Sample list of CSF commands:

1. How to allow / whitelist an IP address?

This will add the IP address 192.168.1.2 to /etc/csf/csf.allow.

Restart the firewall after whitelisting the IP address.

2. How to remove a blocked IP address without adding to whitelist?

This will remove the IP address 192.168.1.5 from the deny list.

3. How to block an IP address?

This will add the IP address 192.168.1.2 to /etc/csf/csf.deny.

4. How to check whether an IP is blocked by CSF?

The above command will show whether the IP is blocked by CSF.

5. How to disable csf and lfd completely?

6. How to enable CSF firewall?

7. How to restart CSF firewall?

8. How to flush CSF firewall?

9. How to remove an IP from csf allow list?

This will remove the IP address from /etc/csf/csf.allow.

 

CSF GUI

In case you don’t like the console, or you don’t have any experience with it, CSF also has a beautiful GUI for cPanel, DirectAdmin and Webmin.

You can install it easily; /etc/csf/ contains instructions for all of these panels. Enjoy.
