The Config Server Firewall (CSF) suite provides a straightforward SPI (stateful packet inspection) iptables firewall script together with a Login Failure Daemon (LFD). LFD runs all the time and periodically (every X seconds) scans the latest log file entries for brute-force login attempts. It responds very quickly to such patterns and blocks the offending IPs.
1. Download the source file.
2. Extract the file.
tar -xzf csf.tgz
3. Run the installation script.
4. Remove APF/BFD.
If the APF/BFD firewall is already installed on the server, you need to uninstall it, because it will conflict with CSF.
5. Before configuring the modules, you need to test the iptables modules.
If it doesn't show any fatal errors, we can go ahead with the CSF configuration.
All the configuration files for CSF are in /etc/csf and include:
csf.conf - The main configuration file, with helpful comments explaining what each option does.
csf.allow - A list of IPs and CIDR addresses that should always be allowed through the firewall.
csf.deny - A list of IPs and CIDR addresses that should never be allowed through the firewall.
csf.ignore - A list of IPs and CIDR addresses that lfd should ignore and not block if detected.
Now, we can go through the main configuration parameters of csf.conf.
1. TESTING = "0"
This will disable the testing mode.
This will allow the incoming TCP ports on the server.
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
This will allow the outgoing TCP ports.
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443"
This will allow the incoming UDP ports.
This will allow the outgoing UDP ports.
UDP_OUT = "20,21,53,113,123"
6. ICMP_IN = 1
This will allow the incoming PING.
7. LF_DAEMON = 1
This will enable the Login Failure detection Daemon (LFD).
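An audit of the csf.conf settings covered above, as an added example that is not part of the original article or of CSF itself: it parses the NAME = "value" lines, then flags testing mode, a disabled LFD, missing port lists, and TCP_IN ports beyond the list given in this article. The sample file contents and all function names are constructed for illustration.

```python
import re

# Constructed sample in csf.conf syntax (NAME = "value"); not a real server's file.
SAMPLE_CONF = '''
TESTING = "1"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,3306,30000:30002"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443"
UDP_OUT = "20,21,53,113,123"
ICMP_IN = "1"
LF_DAEMON = "0"
'''
# Baseline for the comparison: the TCP_IN list given in the article above.
BASELINE_TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
SETTING = re.compile(r'^\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"')

def parse_conf(text):
    """Return {NAME: value} for every NAME = "value" line; comments are skipped."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def expand_ports(spec):
    """Expand a port list such as "22,80,30000:30002" (colon = range) into a set."""
    ports = set()
    for item in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = item.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(text):
    """Return a list of findings for the settings discussed in this article."""
    conf, findings = parse_conf(text), []
    if conf.get("TESTING") != "0":
        findings.append("TESTING is not 0: testing mode is still enabled")
    if conf.get("LF_DAEMON") != "1":
        findings.append("LF_DAEMON is not 1: login failure detection is off")
    names = ("TCP_IN", "TCP_OUT", "UDP_IN", "UDP_OUT")
    findings += [f"{n} is not set" for n in names if n not in conf]
    extra = expand_ports(conf.get("TCP_IN", "")) - expand_ports(BASELINE_TCP_IN)
    if extra:
        ports = ", ".join(map(str, sorted(extra)))
        findings.append(f"TCP_IN allows ports beyond the baseline: {ports}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

To audit a live server, pass the contents of /etc/csf/csf.conf to audit() instead of the sample.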
CSF Command line options.
1. Allow an IP address on the server.
csf -a 192.168.11.11
This will allow the IP and add it to the /etc/csf/csf.allow file.
2. Block an IP address.
csf -d 192.168.11.11
This will deny the IP and add it to the /etc/csf/csf.deny file.
3. Unblock an IP address.
csf -dr 192.168.11.11
This will unblock the IP and remove it from the /etc/csf/csf.deny file.
4. Upgrade CSF.
This will check for updates to CSF and upgrade if available.
5. Restart CSF.
This will restart the firewall rules.
CSF integrates with control panels such as cPanel and DirectAdmin, so you can also manage it through their front-end.