Today’s topic is How to Install and Configure CSF Firewall on Linux. CSF stands for ConfigServer Security & Firewall, it is a server firewall designed to provide better security for your server and provides you with an easy-to-use, advanced interface to manage your firewall settings. The CSF configures your server’s firewall to lock down public access to services and allow only certain connections. For example logging into FTP, checking your email, or loading your website. CSF is a stateful packet inspection (SPI) firewall, login/intrusion detection, and security application for Linux servers. This can protect your server from attacks and improve security. In this article, you will learn how to install and configure a CSF firewall on your Linux server.
Install CSF Firewall on Linux
Install CSF dependencies
Run the below command to install CSF dependency.
# yum install perl-libwww-perl -y
Download and install CSF
Use the commands below to download the CSF
# Yum install wget -y # cd /usr/src # wget https://download.configserver.com/csf.tgz
Now extract the files and install CSF using the below commands
# tar xzf csf.tgz # ls # cd csf # sh install.sh
Configure the CSFs
Before making any configuration changes, you must disable the default or any installed firewall on the server. In my case, I have the default firewall application “firewalled”.
Disable firewalld using the below commands
# systemctl stop firewalld # systemctl disable firewalls
Now configure the CSF firewall
Open the CSF configuration file /etc/csf/csf.conf using the following command and change TESTING = “1” to TESTING = “0” as you can see in the image below.
# vi /etc/csf/csf.conf
Now restart, enable and test CSF
# systemctl restart csf
# systemctl restart lfd
# systemctl enable csf
# systemctl enable lfd
# systemctl is-active {csf,lfd}
# csf -v
Management of CSF
Open the port on the CSF firewall
Open the csf.conf file using the command below and add the desired port under Allow incoming ports or Allow outgoing ports.
# vi /etc/csf/csf.conf
# Allow incoming TCP ports TCP_IN = "20,21,22,25,53,110,143,443,465,587,993,995,80"
# Allow outgoing TCP ports TCP_OUT = "20,21,22,25,53,110,113,443,587,993,995,80"
Now restart the firewall to apply the new changes.
# csf -r
Block and Unblock an IP Address
An IP address blocking command
# csf -d IP-ADDR
The command to unblock an IP address
# csf -dr IP-ADDR
Allow and remove a permitted IP address
Command to permit an IP address
# csf -a IP-ADDR
The command to remove an authorized IP address
# csf -ar IP-ADDR
Below are some useful CSF commands to manage your server security
Learn how to Change the SSH Port in Linux. Buy Linux VPS from Oudel Inc.
