How to Install and Configure CSF Firewall on Linux
Abstract: Install CSF Firewall CSF provides a bash script to easily install it on any operating system. This script automatically detects your operating system
ConfigServer Security & Firewall (CSF) is an iptables based firewall. It provides high level of security to Linux server using iptables. The installation of csf is very simple and straightforward. CSF supports most of commonly used Linux operating systems like Red Hat Enterprise Linux, CentOS, CloudLinux, Fedora, openSUSE, Debian, Ubuntu & Slackware. Read more about CSF. Follow the below steps to install CSF firewall in your Linux operating system and do some configuration.
LFD stands for Login Failure Daemon. Its an process that actively monitors the log file for user login entries and send the alerts to admin on basis of configured rules. read more about CSF.
This article will help you to install CSF on Linux system with very easy steps.
Step 1: Download CSF Source ArchiveDownload latest CSF archive source code from its official site and extract on your Linux box. Then extract source code.
# cd /tmp # wget http://download.configserver.com/csf.tgz # tar xzf csf.tgzStep 2: Install CSF Firewall
CSF provides a bash script to easily install it on any operating system. This script automatically detects your operating system and install CSF accordingly. Run install.sh script.
# cd /opt/csf # sh install.shStep 3: Test iptables modules
Run the csftest.pl perl script to verify if all the required iptables modules are installed on your system to make is proper working.
# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK Testing ipt_LOG...OK Testing ipt_multiport/xt_multiport...OK Testing ipt_REJECT...OK Testing ipt_state/xt_state...OK Testing ipt_limit/xt_limit...OK Testing ipt_recent...OK Testing xt_connlimit...OK Testing ipt_owner/xt_owner...OK Testing iptable_nat/ipt_REDIRECT...OK Testing iptable_nat/ipt_DNAT...OK RESULT: csf should function on this serverStep 4: Enable and Restart CSF
After successfully installing CSF on your system, You need to change following setting in csf.conf to enable CSF.
# vim /etc/csf/csf.conf TESTING=0
Now type the following command on the terminal to restart CSF firewall and reload new changes.
# csf -rAdditional Settings:-Step 5: Enable CSF Web UI
Use our following tutorial to enable web UI for CSF firewall on Linux system.
https://tecadmin.net/how-to-enable-csf-firewall-web-ui/
Step 6: Prevent DDOS AttacksConfigure CSF+LDF to prevent server from DDOS attacks. To enable it edit /etc/csf/csf.conf and update following settings.
CT_LIMIT = "20"
CT_INTERVAL = "30"
CT_EMAIL_ALERT =1
CT_PERMANENT = 1
in seconds that the IP will remained blocked
CT_BLOCK_TIME = 1800
CT_PORTS = "22,23,80,443"