How to Use the CSF Firewall on an Ubuntu 20.04 Cloud Server?

29-01-2024 03:17:12

CSF (ConfigServer Security & Firewall) is a widely used security tool for Linux operating systems, offering a simple panel for protecting the security of Linux servers. CSF provides functionalities such as stateful packet inspection, intrusion detection, login failure daemon, DDoS protection, and can be integrated into various hosting control panels. This guide introduces the installation process, basic settings, and common commands for CSF, based on a cloud server running Ubuntu 20.04.

Installing CSF

Since Ubuntu 20.04 comes with UFW firewall installed by default, it's necessary to uninstall UFW before installing CSF.

# apt remove ufw

Installing dependencies for CSF:

# apt install perl zip unzip libwww-perl liblwp-protocol-https-perl
# apt install sendmail-bin

Begin the installation of CSF:

# cd /usr/src
# wget https://download.configserver.com/csf.tgz
# tar -xzf csf.tgz
# cd csf
# sh install.sh

Verifying CSF Installation

Run the check command to confirm successful installation of CSF:

# perl /usr/local/csf/bin/csftest.pl
RESULT: csf should function on this server

Check the version of CSF:

# csf -v 
csf: v14.02 (generic)
*WARNING* TESTING mode is enabled - do not forget to disable it in the configuration

Configuring CSF

Edit the /etc/csf/csf.conf file to disable test mode. Locate the line TESTING = "1" and change it to TESTING = "0".

# nano /etc/csf/csf.conf

Then find RESTRICT_SYSLOG = "0" and change it to RESTRICT_SYSLOG = "3". This allows only members of the RESTRICT_SYSLOG_GROUP to access log files.

Restart CSF to apply the changes:

# csf -ra

Start CSF:

# csf -s

Stop CSF:

# csf -f

Allow IP addresses for specific ports. Add the following code in /etc/csf/csf.conf file:

# Allow incoming TCP ports
TCP_IN = 20,21,22,25,26,53,80,110,143,443,465,587,993,995,2077”

# Allow outgoing TCP ports
TCP_OUT = 20,21,22,25,26,37,43,53,80,110,113,443,465,873,2087”

Restart CSF to apply the changes:

# csf -ra

Disable specific IP addresses using the -d option:

# csf -d 192.0.2.123

Remove a specific IP address from the block list using the -dr option:

# csf -dr 192.0.2.123

Allow a specific IP address using the -a option:

# csf -a 192.0.2.123

Remove a specific IP address from the allow list using the -ar option:

# csf -ar 192.0.2.123

Block a range of IP addresses. Add the following code in /etc/csf/csf.deny file:

192.0.2.123     # deny this IP
192.0.2.0/24    # deny this network

Allow a range of IP addresses. Add the following code in /etc/csf/csf.allow file:

192.0.2.123     # trust this IP

Check all listening ports using the -p option:

# csf -p

For more information, refer to the official CSF documentation.

https://configserver.com/cp/csf.html

Search

Latest

What are the differences between cloud servers and dedicated servers?
23-02-2024 02:02:07
How to Test the Bandwidth and Speed of Your Cloud Server?
22-02-2024 03:19:32
Regarding IP Address Allocation, Changing IP Addresses, and Testing IPs in Cloud Server IP Address Management
22-02-2024 03:16:03
How to Change the DNS Server on a Linux Cloud Server?
22-02-2024 03:14:03
How to Install cURL on a Linux Cloud Server?
22-02-2024 03:11:58