How to Install and Configure CSF Firewall on Linux

Step 1: Download CSF Source Archive

Download the latest CSF source archive from its official site and extract it on your Linux box.

# cd /tmp
# wget http://download.configserver.com/csf.tgz
# tar xzf csf.tgz

Step 2: Install CSF Firewall

CSF provides a bash script to install it easily on any operating system. This script automatically detects your operating system and installs CSF accordingly. Run the install.sh script.

# cd /tmp/csf
# sh install.sh

Step 3: Test iptables modules

Run the csftest.pl Perl script to verify that all the iptables modules CSF needs to work properly are installed on your system.

# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

Step 4: Enable and Restart CSF

After successfully installing CSF on your system, you need to change the following setting in csf.conf to enable CSF.

# vim /etc/csf/csf.conf

TESTING = "0"

Now type the following command on the terminal to restart CSF firewall and reload new changes.

# csf -r

Additional Settings

Step 5: Enable CSF Web UI

Use the following tutorial to enable the web UI for the CSF firewall on a Linux system.

https://my.alchosting.net/knowledgebase/9/How-to-Enable-CSF-Firewall-Web-UI.html

Step 6: Prevent DDOS Attacks

Configure CSF+LFD to protect the server from DDoS attacks. To enable this, edit /etc/csf/csf.conf and update the following settings.

  • Total number of connections allowed from a single host. To disable this feature, set this to 0.
    CT_LIMIT = "20"

  • Connection tracking interval in seconds.
    CT_INTERVAL = "30"

  • Send email alerts for each blocked IP.
    CT_EMAIL_ALERT = "1"

  • Set this to 1 to block IPs permanently.
    CT_PERMANENT = "1"

  • If you opt for temporary IP blocks for CT, then the following is the interval
    in seconds that the IP will remain blocked.
    CT_BLOCK_TIME = "1800"

  • If you only want to count specific ports (e.g. 22,23,80,443), then add the ports. Otherwise keep it empty to check all ports.
    CT_PORTS = "22,23,80,443"
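
The script below is an added example, not part of the original article or of CSF itself: it audits the Step 4 and Step 6 settings in a csf.conf-style file, assuming each setting is written as NAME = "value". The function names (csf_get, csf_audit, sample_conf) and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the csf.conf settings from Steps 4 and 6.
# Assumes settings are written as NAME = "value", one per line.

# Print the value of setting $1 in config file $2 (empty if absent).
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$2" | tail -n 1
}

# Print one finding per line; return 1 if any WARN was raised.
csf_audit() {
    conf=$1; rc=0
    testing=$(csf_get TESTING "$conf")
    limit=$(csf_get CT_LIMIT "$conf")
    perm=$(csf_get CT_PERMANENT "$conf")
    btime=$(csf_get CT_BLOCK_TIME "$conf")
    ports=$(csf_get CT_PORTS "$conf")
    if [ "$testing" != "0" ]; then
        echo "WARN TESTING=${testing:-unset}: CSF is not enabled (Step 4)"; rc=1
    fi
    if [ -z "$limit" ] || [ "$limit" = "0" ]; then
        echo "WARN CT_LIMIT=${limit:-unset}: connection limit is disabled"; rc=1
    fi
    if [ "$perm" = "1" ] && [ -n "$btime" ]; then
        echo "INFO CT_PERMANENT=1: CT_BLOCK_TIME=$btime is not used, blocks are permanent"
    fi
    if [ -z "$ports" ]; then
        echo "INFO CT_PORTS empty: connections to all ports are counted"
    fi
    return "$rc"
}

# Constructed sample holding the values shown on this page.
sample_conf() {
    cat <<'EOF'
# constructed sample, not a complete csf.conf
TESTING = "0"
CT_LIMIT = "20"
CT_INTERVAL = "30"
CT_EMAIL_ALERT = "1"
CT_PERMANENT = "1"
CT_BLOCK_TIME = "1800"
CT_PORTS = "22,23,80,443"
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
csf_audit "$tmp" || true
rm -f "$tmp"
```

Run csf_audit against /etc/csf/csf.conf after editing and before restarting with csf -r.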