I was recently asked if there is an easier way to manage a server’s firewall on servers with web-based interfaces like cPanel and CentOS Web Panel, and on servers without GUI admin panels as well.
Introduction
Config Server Firewall (or CSF) is a free and advanced firewall for most Linux distributions and Linux-based VPS. In addition to the basic functionality of a firewall – filtering packets – CSF includes other security features, such as login, intrusion and flood detection.
As mentioned, CSF includes UI integration for cPanel, DirectAdmin and Webmin, but this tutorial only covers command-line usage. CSF is able to recognize many attacks, such as port scans, SYN floods, and login brute-force attacks on many services. It is configured to temporarily block clients who are detected to be attacking the cloud server.
The full list of supported operating systems and features can be found on ConfigServer’s website.
Installing ConfigServer Firewall
yum install wget vim perl-libwww-perl.noarch perl-Time-HiRes
cd /usr/src/
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Configure CSF
Stop firewalld:
systemctl stop firewalld
and disable it:
systemctl disable firewalld
cd /etc/csf/
Next, open the csf.conf file using your favourite text editor (vim, vi, nano, etc.):
vim csf.conf
On line 11 you will see that "TESTING" is set to "1"; make sure it is set to "0":
TESTING = "0"
Start and enable lfd and csf:
systemctl start csf
systemctl start lfd
systemctl enable csf
systemctl enable lfd
/etc/csf:
The less access there is to your VPS, the more secure your server is. However, not all ports can be closed, as the clients must be able to use your services.
The ports opened by default are the following:
It is possible that you are not using all of these services, so you can close the ports that are not used. I would recommend closing all ports (removing the port numbers from the list), and then adding the ports you need.
Below are port sets that should be opened if you are running the listed service:
On any server:
ICMP_IN Setting ICMP_IN to 1 allows ping to your server and 0 refuses all such requests. If you are hosting any public services, it is recommended to allow ICMP requests, as these can be used to determine whether or not your service is available.
ICMP_IN_LIMIT Sets the number of ICMP (ping) requests allowed from one IP address within a specified amount of time. There is usually no need to change the default value (1/s).
DENY_IP_LIMIT Sets the number of blocked IP addresses CSF keeps track of. It is recommended to limit the number of denied IP addresses as having too many blocks may slow down the server performance.
DENY_TEMP_IP_LIMIT Same as above, but for temporary IP address blocks.
PACKET_FILTER Filter invalid, unwanted and illegal packets.
SYNFLOOD, SYNFLOOD_RATE and SYNFLOOD_BURST This offers protection against SYN flood attacks. This slows down the initialization of every connection, so you should enable this only if you know that your server is under attack.
Whenever you alter the settings in csf.conf, you should save the file and restart CSF in order for the changes to take effect.
Once you are ready with the configuration, close and save the file.
After this, you should apply the changes by restarting CSF with command:
csf -r
Additionally, CSF can be configured to track processes in order to detect suspicious processes or open network ports, and send an email to the system administrator if any is detected. This may help you to identify and stop a possible exploit on your VPS. In order to set this, open the csf.conf file and change the value from 0 to 1 for the following features:
LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"
Also change the email address:
LF_ALERT_TO = "mymail@mydomain.tld"
CSF usage
csf -s
csf -f
csf -r
/etc/csf/csf.allow
csf -a 1.1.1.1
/etc/csf/csf.deny
csf -d 1.1.1.1
csf -td 1.1.1.1
CSF provides an option to allow and deny access by country using the CIDR (Country Code).
In order to list more than one country, you just need to separate them using commas:
CC_DENY = "AB,CD,EF"
You may find a list of ISO 3166-1 alpha-2 codes at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
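The settings changed in this tutorial can be checked in one pass before running csf -r. The script below is an added example, not part of the original post or of CSF itself; the function names conf_get, audit_csf and write_sample are hypothetical, and the sample configuration is constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a csf.conf for the settings this tutorial changes.

# conf_get FILE KEY: print the value from a line of the form KEY = "value".
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# audit_csf FILE: print one finding per line; print nothing if the file is clean.
audit_csf() {
    f=$1
    [ "$(conf_get "$f" TESTING)" = "0" ] ||
        echo 'TESTING is not "0"'
    for key in LF_SSH_EMAIL_ALERT LF_SU_EMAIL_ALERT; do
        [ "$(conf_get "$f" "$key")" = "1" ] ||
            echo "$key is not \"1\""
    done
    # The tutorial's placeholder address must be replaced with a real mailbox.
    [ "$(conf_get "$f" LF_ALERT_TO)" != "mymail@mydomain.tld" ] ||
        echo "LF_ALERT_TO still holds the tutorial placeholder"
    # The tutorial advises enabling SYNFLOOD only while under attack.
    [ "$(conf_get "$f" SYNFLOOD)" != "1" ] ||
        echo "SYNFLOOD is enabled"
    # CC_DENY must be empty or comma-separated two-letter upper-case codes.
    cc=$(conf_get "$f" CC_DENY)
    [ -z "$cc" ] || printf '%s\n' "$cc" | grep -Eq '^[A-Z]{2}(,[A-Z]{2})*$' ||
        echo "CC_DENY is malformed: $cc"
    return 0
}

# Constructed sample, not a real server's configuration.
write_sample() {
    cat > "$1" <<'EOF'
# comment lines are ignored
TESTING = "1"
ICMP_IN = "1"
SYNFLOOD = "0"
LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "0"
LF_ALERT_TO = "mymail@mydomain.tld"
CC_DENY = "AB, cd"
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_csf "$sample"
rm -f "$sample"
```

On a server, call audit_csf /etc/csf/csf.conf; a stray space or lower-case code in CC_DENY is reported rather than silently passed to the firewall.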
Conclusion
CSF is an application firewall for iptables provided for Linux servers. It is easy to install and operate, and on top of that it comes with a lot of handy built-in options which you can use to make sure the security on your droplet is properly configured.
If you’re looking for an article to install CSF on Ubuntu we already have one: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-config-server-firewall-csf-on-ubuntu
Hope this helps!
Regards, Alex