ConfigServer Firewall (or CSF) & Security is a very popular and effective firewall is used on the server Linux today. Besides the basic features such as a firewall, the CSF has the following enhanced security features such as preventing flood login, port scans, SYN floods and. ..
Details of features of the CSF can be viewed here.
Installation instructions for the CSF
Installing CSF Firewall
1. install the modules required for the CSF
Install Perl modules for CSF scripts
yum install perl-libwww-perl
2. download the CSF
cd/tmp
wget http://www.configserver.com/free/csf.tgz
3. install CSF
Proceed to unpack and install the CSF
tar-xzf csf.tgz
cd csf
sh install.sh
4. configure the CSF
By default, the script will install and run the CSF in a “Testing”, means that the server at the moment not yet comprehensive protection. To deactivate “Testing” you need to configure the option TCP_OUT UDP_IN, UDP_OUT, TCP_IN and for compliance with the demand.
Open the configuration file CSF
nano/etc/csf/csf.conf
Edit the parameters as appropriate
# Allow incoming TCP ports
TCP_IN = “20, 21, 22, 25, 53, 80, 110, 143, 443, 465.587 .993 .995”
# Allow outgoing TCP ports
TCP_OUT = “20, 21, 22, 25, 53, 80.110 .113 .443”
# Allow incoming UDP ports
UDP_IN = “20, 21.53”
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434: 33523 to this list
UDP_OUT = “20, 21, 53.113 .123”
When you have finished configuring, Testing mode by switching off TESTING = “1” into TESTING = “0”
TESTING = “0”
The last saved configuration file CSF
5. run the CSF
Running a CSF and enables itself whenever boot VPS
chkconfig–level 235 csf on
service restart csf
6. The file configure CSF
All of the configuration information and the management of CSF is saved in the file in the folder/etc/csf. If you edit these files then need to restart CSF to effect change.
csf. conf: main Configuration File to manage the CSF.
csf. allow: list of IP addresses allowed through the firewall.
csf. deny: deny IP address list through the firewall.
csf. ignore: a list of IP addresses allowed through firewall and block if there are problems.
csf. * ignore: user list, the IP is ignore.
7. some commands use the CSF
Some of the command used to add (-a) or deny (-d) an IP address.
csf-d IPADDRESS
csf-a IPADDRESS
csf-r//restart the CSF
csf-x//Disable CSF
csf-e//open the CSF
In case you forgot the command on, use the csf will list the entire list option.
8. Remove the CSF
If you want to completely delete the CSF, simply use the following script:
/etc/csf/uninstall.sh
This will delete the entire CSF should you need to consider when using. If you want to temporarily turn off the CSF, the TESTING regime can be transferred to 1.
Leave a Reply