Knowledgebase

Installing and Configuring CSF Firewall on Linux Server

ConfigServer Security & Firewall (CSF) is a popular firewall application for Linux servers. This guide outlines the steps to install CSF and provides a basic configuration to enhance the security of your server.

Content:

1. Installation:

   • Connect to your server via SSH.
   • Download and install CSF:
     bashCopy code

     wget https://download.configserver.com/csf.tgz tar -xzf csf.tgz cd csf sh install.sh

2. Configuration:

   • Edit CSF configuration file:
     bashCopy code

     nano /etc/csf/csf.conf

3. Basic CSF Configuration:

   • TCP_IN, TCP_OUT, UDP_IN, UDP_OUT:

     • Define incoming and outgoing ports.
     • Example:
       makefileCopy code

       TCP_IN = "20,21,22,80,443" TCP_OUT = "20,21,22,25,43" UDP_IN = "53" UDP_OUT = "53"

   • LF_ Options (Login Failure Blocking):*

     • Configure settings to block IPs with excessive login failures.
     • Example:
       makefileCopy code

       LF_SSHD = "5" LF_SMTPAUTH = "3"

4. Advanced Configuration (Optional):

   • SYNFLOOD, PORTFLOOD, CONNLIMIT:

     • Protection against SYN floods, port floods, and connection limits.

   • SMTP Restrictions:

     • Prevent unauthorized SMTP access.
     • Configure settings for SMTP_BLOCK, SMTP_ALLOWGROUP, etc.

   • Custom Firewall Rules:

     • Add custom rules using /etc/csf/csfpre.sh and /etc/csf/csfpost.sh.

5. Testing Configuration:

   • Apply the configuration:

     Copy code

     csf -r

   • Check CSF status:

     Copy code

     csf -s

6. Enabling CSF and LFD:

   • Start CSF and its Login Failure Daemon (LFD):
     Copy code

     csf -e

7. Managing IP Blocks:

   • View and manage blocked IPs:
     phpCopy code

     csf -g csf -dr <IP>

8. Configuration File Changes:

   • CSF configuration changes are saved in /etc/csf/csf.conf.
   • Make modifications carefully and restart CSF to apply changes:
     Copy code

     csf -r

9. Uninstallation:

   • To uninstall CSF and LFD:
     bashCopy code

     cd /etc/csf sh uninstall.sh

This guide walks you through the process of installing and configuring CSF firewall on your Linux server. Customizing the configuration to suit your specific needs will enhance your server's security by effectively filtering incoming and outgoing traffic.