CSF Firewall installation and configuration

ConfigServer Firewall (CSF) is an advanced firewall suite for Linux systems that enhances the security on your Server. It also has the Login Failure Daemon (LFD) process that regularly scans for failed login attempts on your Server and takes action against the offending IP Addresses.

Note

This documentation assumes that you are connected to the Server using an SSH client as a root user.

To Install CSF on a Server

  1. Change the present working directory to /usr/local/src using the command below. You may choose any other directory of your choice, where you want the installation script to be downloaded.

    cd /usr/local/src

  2. Run the below command to download the archive file to the present working directory:

    wget https://configserver.com/free/csf.tgz

  3. Extract the files using the command:

    tar xfz csf.tgz

  4. Go to the CSF directory using the command:

    cd csf

  5. To install CSF:

    • On a Server Without any Hosting Panel

      Run the general installation script ./install.generic.sh.

    • On a Server With cPanel or DirectAdmin

      • Run the installation script ./install.cpanel.sh to install CSF on a Server with cPanel.

      • Run the installation script ./install.directadmin.sh to install CSF on a Server with DirectAdmin.

    The CSF Firewall will be installed in the /etc/csf directory and the allowed inbound/outbound port configuration will be adjusted as per the current settings. You can make further adjustments through the configuration file /etc/csf/csf.conf.

  6. Restart the firewall for the changes to take effect using the command:

    /etc/init.d/csf restart

  7. You can disable the testing flag by changing the value for TESTING from 1 to 0 in the configuration file /etc/csf/csf.conf using an editor like vi.

    Note

    Ensure that all your custom firewall settings are working perfectly before you disable the testing mode.

    Disabling Testing Mode

  8. Restart the Firewall again.

To Manage CSF

CSF can be managed through the Command Line Interface. The command csf would present a list of commands and the information related to them.

CSF Commands

A few basic commands are:

  • Allowing an IP Address

    csf -a <ip_address>

  • Denying an IP Address

    csf -d <ip_address>

You can manage the CSF settings from your WHM Panel (Home >> Plugins).

Managing CSF through WHM

Once the installation is complete, you need to make sure that you have configured the firewall properly, before turning the testing mode off.

Ports and Settings to be enabled

  cPanel Plesk
TCP_IN 20, 21, 22, 25, 26, 53, 80, 110, 143, 443, 465, 993, 995, 2082, 2083, 2086, 2087, 2095, 2096 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 993, 995, 8443, 8880
TCP_OUT 21, 22, 25, 26, 27, 37, 43, 53, 80, 110, 113, 443, 465, 873, 2089 20, 21, 22, 25, 53, 37, 43, 80, 113, 443, 465, 873, 5224, 5443
UDP_IN 20, 21, 53, 953 20, 21, 37, 53, 873
UDP_OUT 20, 21, 53, 113, 123, 873, 953 20, 21, 53, 113, 123, 873, 6277
Configure SMTP

SMTP_BLOCK = "1"

SMTP_ALLOWLOCAL = "1"

SMTP_PORTS = "25,26"

SMTPAUTH_LOG = "/var/log/exim_mainlog"

SMTP_BLOCK = "1"

SMTP_ALLOWLOCAL = "1"

SMTP_PORTS = "25,587"

SMTPAUTH_LOG = "/usr/local/psa/var/log/maillog"