Config Server Firewall (or CSF) is a free and advanced firewall for linux. It is easy to Install CSF (ConfigServer Firewall) on Linux, it’s flexible to configure and secure with additional checks. CSF controls exactly what trafFic is permitted all through the server and protect the server from malicious attack.
Use of CSF Firewall in Linux
Block Countries using CSF Firewall On Linux
How to Block Traffic from Certain Countries
CSF can be completely designed to block/restrict ports you don’t need open. CSF includes the Login Failure Daemon (LFD), which will scan log files and monitor failed login attempts, for example, login attempts for FTP and E-Mail records, and it will block the IP as per the rules you have setup. CSF likewise offers Connection Limiting, Real Time Block Lists and Port Scan tracking and much more.
CSF can be easily managed from within its GUI, which is fully compatible with DirectAdmin, CPanel, and WebMin/Virtualmin.
- Login authentication failure daemon: The following applications are supported by this feature:
- Courier imap, Dovecot, uw-imap, Kerio
- cPanel, WHM, Webmail (cPanel servers only)
- Pure-ftpd, vsftpd, Proftpd
- Password protected web pages (htpasswd)
- Mod_security failures (v1 and v2)
- Suhosin failures
- Exim SMTP AUTH
- Process tracking
- Directory watching
- Messenger service
- Port flood protection
- Port knocking
- Connection limit protection
- Port/IP address redirection
- UI integration
- IP block lists
Follow below steps to install CSF Firewall:
Step #1: Download and Extract CSF Firewall
Download the CSF source code archive and extract it on server:
# cd /opt
# wget http://www.configserver.com/free/csf.tgz
# tar xzf csf.tgz
Step #2: Install CSF Firewall
After extractind the archive file simply install the CSF Firewall using installer script:
# cd csf
# sh install.sh
Step #3: Basic Configuration to Enabling CSF Firewall
The CSF firewall can be fully enabled by setting in CSF configuration file.
# vim /etc/csf/csf.conf
Find Below line in CSF configuration:
Replace it with below line:
Step 4: Test iptables modules
Run the perl script to verify to check all the required iptables modules are installed.
# perl /usr/local/csf/bin/csftest.pl
RESULT: csf should function on this server
Step #5: Restart CSF
Now restart CSF Firewall to make new changes.
# csf -r
If you see an error about libwww not being installed you can install it with yum or cpan:
# yum install perl-libwww-perl
# perl -MCPAN -e 'install Bundle::LWP'