Install the ConfigServer Security & Firewall (CSF) on CentOS

ConfigServer Firewall (or CSF) & Security is a very popular and effective firewall is used on the server Linux today. Besides the basic features such as a firewall, the CSF has the following enhanced security features such as preventing flood login, port scans, SYN floods and. ..

Details of features of the CSF can be viewed here.
Installation instructions for the CSF

Installing CSF Firewall
1. install the modules required for the CSF

Install Perl modules for CSF scripts

yum install perl-libwww-perl

2. download the CSF


3. install CSF

Proceed to unpack and install the CSF

tar-xzf csf.tgz
cd csf

4. configure the CSF

By default, the script will install and run the CSF in a “Testing”, means that the server at the moment not yet comprehensive protection. To deactivate “Testing” you need to configure the option TCP_OUT UDP_IN, UDP_OUT, TCP_IN and for compliance with the demand.

Open the configuration file CSF


Edit the parameters as appropriate

# Allow incoming TCP ports
TCP_IN = “20, 21, 22, 25, 53, 80, 110, 143, 443, 465.587 .993 .995”

# Allow outgoing TCP ports
TCP_OUT = “20, 21, 22, 25, 53, 80.110 .113 .443”

# Allow incoming UDP ports
UDP_IN = “20, 21.53”

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434: 33523 to this list
UDP_OUT = “20, 21, 53.113 .123”

When you have finished configuring, Testing mode by switching off TESTING = “1” into TESTING = “0”


The last saved configuration file CSF
5. run the CSF

Running a CSF and enables itself whenever boot VPS

chkconfig–level 235 csf on
service restart csf

6. The file configure CSF

All of the configuration information and the management of CSF is saved in the file in the folder/etc/csf. If you edit these files then need to restart CSF to effect change.

csf. conf: main Configuration File to manage the CSF.
csf. allow: list of IP addresses allowed through the firewall.
csf. deny: deny IP address list through the firewall.
csf. ignore: a list of IP addresses allowed through firewall and block if there are problems.
csf. * ignore: user list, the IP is ignore.

7. some commands use the CSF

Some of the command used to add (-a) or deny (-d) an IP address.

csf-r//restart the CSF
csf-x//Disable CSF
csf-e//open the CSF

In case you forgot the command on, use the csf will list the entire list option.
8. Remove the CSF

If you want to completely delete the CSF, simply use the following script:


This will delete the entire CSF should you need to consider when using. If you want to temporarily turn off the CSF, the TESTING regime can be transferred to 1.

Leave a Reply

Your email address will not be published.