Step 1: Download CSF Source Archive
Download latest CSF archive source code from its official site and extract on your Linux box. Then extract source code.
Step 2: Install CSF Firewall
CSF provides a bash script to easily install it on any operating system. This script automatically detects your operating system and install CSF accordingly. Run install.sh script.
Step 3: Test iptables modules
Run the csftest.pl perl script to verify if all the required iptables modules are installed on your system to make is proper working.
Step 4: Enable and Restart CSF
After successfully installing CSF on your system, You need to change following setting in csf.conf to enable CSF.
Now type the following command on the terminal to restart CSF firewall and reload new changes.
Additional Settings:-
Step 5: Enable CSF Web UI
Use our following tutorial to enable web UI for CSF firewall on Linux system.
https://my.alchosting.net/knowledgebase/9/How-to-Enable-CSF-Firewall-Web-UI.html
Step 6: Prevent DDOS Attacks
Configure CSF+LDF to prevent server from DDOS attacks. To enable it edit /etc/csf/csf.conf and update following settings.
- Total number of connections allowed from single host. To disable this feature, set this to 0
- Connection Tracking interval in seconds.
- Sent email alerts for each blocked ip.
- Set this to 1 to block ips permanent.
- If you opt for temporary IP blocks for CT, then the following is the interval
in seconds that the IP will remained blocked - If you only want to count specific ports (e.g. 22,23,80,443) then add the ports. else keep it empty to check all ports