What is CSF

ConfigServer Firewall (CSF) is a free, open source and powerful iptables-based software firewall application that provides a high level of security for Linux servers. CSF is a state-of – the-art packet inspection that can protect your server against various types of attacks, such as brute force, SYN flood, port scan, DOS, and server security.

CSF allows you to configure the firewall of your server to lock the public access to services and only allow certain connections, such as logging in to FTP, checking your email or loading your websites. CSF keeps watching your user activity for login failures; if you see a large number of login failures coming from the same IP address, that IP will be temporarily blocked from all services on your server. Using the ConfigServer interface, you can manually add and remove whitelist or blacklist IPs in your firewall. 

What is Firewall

A computer firewall is a software program that prevents unauthorized access from or to a private network. Firewalls are tools that can be used to improve the security of computers connected to a network, such as the LAN or the Internet. They are an integral part of your network’s comprehensive security framework.

Installing CSF

Before you begin with the process, you need to move to the directory where you want to download the package.

1   cd /usr/src/

Next, download CSF using wget command in the following manner.

1   wget https://download.configserver.com/csf.tgz

You need to extract the package after that by running the following command.

1   tar -zxvf csf.tgz

Install CSF by executing the command below.

1   cd csf
2   /usr/src/csf# sh install.sh

Check if you have the required iptables modules after installation. And you need to run the following command for that.

1   /usr/src/csf# perl /usr/local/csf/bin/csftest.pl

Configuration of CSF

We have installed the CSF in testing mode so it does not provide full server protection from attacks. You should configure the CSF according to your requirement to disable the testing mode. Open the configuration file.

1   /usr/src/csf# vim /etc/csf/csf.conf

Change the test mode by simply changing the test variable from TESTING = “1” to “TESTING=0.”

Start your CSF 

To start your service and check the status you can execute the command given below

1   /usr/src/csf# systemctl start csf
2   /usr/src/csf# systemctl status csf

If you have started the csf, please run the command as follows

1   /usr/src/csf# csf -s

If you want to reload the CSF, please execute the command as follows

1   /usr/src/csf# csf -r

Then you see the CSF functionality handling option as follows.

1   /usr/src/csf# csf

Allow & deny IPs using CSF

If you want to allow an IP, you will run the -a option followed by the IP.

1   csf -a 192.12.1.235

Now, to open your csf.allow file execute

1   vim /etc/csf/csf.allow

You’ ll be able see the IP that you added.

Use the -ar option along with the IP to remove that IP from your allow list.

1   csf -ar 192.12.1.235

Do check if it’s removed.

1   vim /etc/csf/csf.allow

If you want to deny the IP address, simply use the -d option as follows.

1   csf -d 192.12.1.235

You can check if the denied IP is added to the csf.deny file by executing the command given below

1   vim /etc/csf/csf.deny

By running the –dr option, you can remove the denied IP from the csf.deny file.

1   csf -dr 192.12.1.235

Now, you can check whether the denied IP is removed from the list.

1   vim /etc/csf/csf.deny

There are loads  of commands you can use in CSF. I’ll provide you with those commands in next guide.

Hope you’re successful in this configuration. Feel free to ask me any questions in the comment box and I will try to answer them all.