CSF

ConfigServer Security & Firewall (CSF) is a powerful iptables configuration tool.

How to install CSF on CentOS: 

Log in to your server as root using ssh and enter following commands:

cd /tmp

wget http://www.configserver.com/free/csf.tgz

tar -xzf csf.tgz

cd csf

sh install.sh

cd /tmp

rm -rf csf

rm csf.tgz

How to use CSF web interfase in cPanel/WHM

Log in to WHM and go to:

Home -> Plugins -> ConfigServer Security&Firewall

 

How to use web interface in Webmin

Log in to Webmin and go to:

Webmin -> Webmin Configuration -> Webmin Modules >


From local file > /usr/local/csf/csfwebmin.tgz > Install Module

 

Press "Continue"

 

When the module is installed, refresh page (Ctrl+F5) and go to:

Webmin -> System -> ConfigServer Security & Firewall

 

Configuring CSF

Main CSF configurable options are in file /etc/csf/csf.conf or in "Firewall Configuration" button in web interface.

First that you will see in config is: TESTING = 1

CSF is in testing mode by default which enables a CRON job that clears iptables incase of configuration problems when you start csf. This should be enabled until you are sure that the firewall works - i.e. in case you get locked out of your server! Then do remember to set it to 0 and restart csf when you're sure everything is OK. Stopping csf will remove the line from /etc/crontab.

NOTE that CSF with default setting will block the exact IP (in several scenarios; like blocking IP's sending SYN_REC flood) for a long term. You can decrease the time period with changing the CT_BLOCK_TIME from 1800(default) to 500 for example. Also note that this will decrease your security so it's not recommended

For more information refer to the official CSF site: http://www.configserver.com

 

Was this answer helpful?

 Print this Article

Also Read

Changing mac address in VMware

In Centos: 1. Edit old mac HWADDR=XX:XX:XX:XX:XX:XX in the file...

Forward (redirect/nat) traffic with iptables

If you want to redirect/nat some traffic to IP 2.2.2.2 via IP 1.1.1.1, it simply can be done...

Set hostname

Set host name on Centos: /etc/sysconfig/network   HOSTNAME="mycomputer"...

Sendmail [25: Connection refused] fix

If you can't receive email from the outside and got next error:  (Delivery Status Notification...

Backing up VPS from the inside

This guide will show you how to backup your vsp/container "from the inside vps". First of...