CentrioHost Blog

Stories and News from IT Industry, Reviews & Tips | Technology Blog


HOW TO INSTALL & CONFIGURE CSF [CONFIGURE SERVER FIREWALL] IN UBUNTU

You’ve just set up your new cheap VPS, and now you want to set up a firewall to protect your server. Here we show you how.

Config Server Firewall is a free, open source advanced firewall that can be used in most Linux-based servers. Apart from basic functionality CSF also filters packets, and includes security features like login/flood/intrusion detections. CSF has a UI for cPanel, Webmin, and DirectAdmin. Config Server Firewall can identify attacks like SYN floods and port scans login bruteforce attacks in various services.

We will be discussing how to install CSF in a Debian-based system like Ubuntu.

You will need to have root permissions to execute some of the commands. Login as root, or initiate root shell by typing the following to check whether sudo is installed or not:

Login authentication
Config Server Firewall frequently checks for failed logins and identifies unauthorized attempts.  In such case, you can define desired action.

Process tracking
You can configure Config Server Firewall to track processes so open network ports or suspicious processes can be detected. An email can be triggered and sent to administrator when such activity is detected.

Directory watching
Directory watching allows you to monitors /temp and other folders for malicious scripts. An email can be triggered and sent to the administrator.

Port flood protection
In the event of DoS (denial of service) attacks, this setting safeguards against a potential port flood attack. We can define allowed connections for each port

Connection limit protection
With this number of concurrent or active connection from an IP to each port can be limited.

How to install CSF

Step 1 – Download

In Ubuntu or Debian, CSF can’t be found in repos so it has to be downloaded from ConfigServer’s website.

Open terminal and type

wget http://download.configserver.com/csf.tgz

This will download CSF to your current working directory.

Step 2 – Uncompressing

Next, uncompress the downloaded zip file.

 

Step 3 – Installation

If you are using any other firewall like UFWQ, then you need to disable it. To disable type ufw disable

Please note, you need to root to run this command.

Next, To install / execute CSF, go to CSF folder and type

sh install.sh

Now, you can see that the firewall has been installed.

Basic Configuration

You can now configure Config Server Firewall. For this you need to edit csf.conf which is the main configuration file. To edit conf file type the following command. Please make sure you have root before running it.

Next, you will see an editor type interface where you can make changes.

Ports opened by defaults are:

Here you start can making changes. You can remove ports that you don’t want to allow.

Step 3: Applying the Changes

To apply changes, press Ctrl + X and then you will be asked whether you want to save or not. If you press Y then changes will be saved and if N is pressed changes won’t be saved.

How to block or allow an IP address?

Ability to block IP is one of the basic functionalities of the firewall. You can block or allow or ignore an IP by editing the appropriate config files – csf.allow, csf.deny and csf.ignore.

How to block IP addresses

If you would like to block an IP address or range, open csf.deny.

Type the following to open csf.deny where you can add IP to block

Put the IP address to block in one line.

How to allow IP addresses

Similarly, if you want to allow an IP, then you can put it in the csf.allow file. Note that an IP present in csf.allow will be allowed even if it is also entered in csf.deny.

To put an IP in the allow list type the following :

And then in next, editor window put IP that you want allow.

How to ignore IP addresses

Config Server Firewall also has functionality to exclude IPs from firewall filters. If you add an IP address to csf.ignore then it is bypassed by firewall filters.

 

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!

Archive Calendar

SatSunMonTueWedThuFri
 123456
78910111213
14151617181920
21222324252627
28293031 

Over 20000 Satisfied Customers!

  • web hosting reviewer
    Valerie Quinn
    CTO, Acteon Group

    Centriohost staff were fantastic, I had a concern with a domain and they got back to me very quickly and they helped me to resolve the issue! ~ . . . Read more

  • Joomla hosting reviewer
    Collin Bryan
    Photographer, Allister Freeman

    I'm using centrio for my portfolio since 2006. The transition was seamless, the support was immediate, and everything works perfectly. ~ . . . Read more

  • dedicated server reviewer
    Harry Collett
    Actor, A&J Artists

    Very easy to understand & use even though I am not very technologically minded. No complications whatsoever & I wouldn't hesitate to recommend it to all. ~ . . . Read more

  • vps web hosting reviewer
    Porfirio Santos
    Technician, Diageo PLC

    Centrio support team have been amazingly responsive and helpful to any of my queries, thank you so much to the Centriohost have been amazingly responsive and helpful to any of my queries 👍👍👍 ~ . . . Read more

  • wordpress hosting plans reviewer
    Catherine Auer
    Doctor, SmartClinics

    Anytime I've had a problem I can't solve, I've found Centriohost to be diligent and persistent. They simply won't let an issue go until the client is happy. ~ . . . Read more

  • reseller hosting reviewer
    Effectivo Social
    Freelancer, Fiverr

    Recommend their shared hosting for all my SME web design clients. Their cloud or VME offerings are too great to deal with. Pricing is perfect and suitable for all users (͠≖ ͜ʖ͠≖) 👌 ~ . . . Read more

Top