How does CSF firewall work?

CSF configures your server's firewall to lock down public access to services and only allow certain connections, such as logging in to FTP, checking email, or loading websites. Configuration details are covered in Managing Your CSF Firewall.

What is CSF in Linux?

ConfigServer Firewall (CSF) is an advanced firewall suite for Linux systems that enhances the security on your Server. It also has the Login Failure Daemon (LFD) process that regularly scans for failed login attempts on your Server and takes action against the offending IP Addresses.

How can I check my CSF firewall status?

You should have the SSH login permission to the 'Server' in-order to start or stop the CSF. Initially, login to the server through SSH using a Terminal or Putty. To check the status of CSF, run the command.

ConfigServer Security & Firewall (CSF) is a Stateful Packet Inspection (SPI) firewall, login/intrusion detection, and security application for Linux servers provided by ConfigServer. Login Failure Daemon (LFD) is a daemon process that runs on our servers, which uses CSF for server security.

All the configuration files of csf are located under /etc/csf directory. If you modify any of the following files you will need to restart the csf daemon to take changes. csf. conf : This is the main configuration file for controlling CSF.

How To Install, Configure & Commands for CSF SSH CentOS

If you're fairly new at using CSF (Config Server Firewall) or even if you are not, its useful to have all the commands at hand to use should you need to make any changes.

In this guide we'll show you how to install CSF on CentOS if you haven't done so already, basic configuration and the commands used within SSH. CentOS 7 can also be used.

IMPORTANT: WE RECOMMEND DOWNLOADING CENTOS 7 ONLY AS CENTOS 8 EOL (END OF LIFE) IS ON THE 31ST DECEMBER 2021 AND WILL NOT BE PROVIDING ANY FURTHER UPDATES AFTER THIS TIME.

Download SSH client

If you're a complete beginner you'll be thinking, what is SSH and how do I access it? SSH is easy to access and requires you to have a programme such as Putty that allows you to connect.

To connect via SSH you'll need the following:

Your IP address or server hostname.

The root username.

The root password.

Installing CSF

If you haven't got CSF but would like to install it to make your server more secure, just type in the following:

If you are starting with a clean operating system install, you will need to install wget, which will fetch the required files.

yum -y install wget

After wget has been installed go to the /usr/src directory, this is where CSF (Config File Server) will be installed.

cd /usr/src/

Next, we will use the wget command to fetch the software so we can install it.

wget https://download.configserver.com/csf.tgz

We will then use the tar command to extract the tar.gz file.

tar -xzf csf.tgzcd csfsh install.sh

You should then have a message once its completed that Config File Server has successfully installed.

Lets test to see if it is working properly, if you've not installed PERL you'll need to do this to check its working properly.

yum install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph

Now copy the text to see if it is fully working.

perl /usr/local/csf/bin/csftest.pl

You should have an output which looks something like this:

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server.

CSF is now installed.

Configuring CSF

Now that you've installed Config File Server by default its disabled so we'll need to enable this, lets go to the CSF directory.

cd /etc/csf

You can now view all the files within the directory using the dir command.

We are going to edit the csf.conf file using vim or nano, you can also install one of these text editors using any of the commands:

yum install nano or yum install vim

Once installed type nano or vim followed by csf.conf

nano csf.conf
vim csf.conf

This is the main file to make any changes to the firewall, to enable the firewall change TESTING from 1 to 0.

TESTING=0

Once you've completed setting the firewall rules, save and exit then restart CSF to implement the new rules.

csf -r

We would also recommend adding your IP to csf.ignore and csf.allow so it doesn't get blocked.

CSF commands cheat sheet

Command	Description	Example
csf -e	Enable CSF	root@server[~]#csf -e
csf -x	Disable CSF	root@server[~]#csf -x
csf -s	Start firewall rules	root@server[~]#csf -s
csf -f	Flush & Stop firewall rules	root@server[~]#csf -f
csf -r	Restart the firewall rules	root@server[~]#csf -r
csf -a [IP] [Optional comment]	Allow an ip, adds to /etc/csf/allow	root@server[~]#csf -a 123.456.78.9 Business IP address
csf -td [IP] [Optional comment]	Puts IP on a temporary deny list in /var/lib/csf/csf.tempban	root@server[~]#csf -td 123.456.78.9 Strange traffic patterns
csf -tr [IP]	Removes the IP from the temporary IP ban or allow list	root@server[~]#csf -tr 123.456.78.9
csf -tf [IP]	Flush all IPs from the temporary IP entries	root@server[~]#csf -tf 123.456.78.9
csf -d [IP] [Optional comment]	Deny an IP and add to /etc/csf/csf.deny	root@server[~]#csf -tf 123.456.78.9 Brute force attacker
csf -dr [IP]	Unblock an IP and removes from /etc/csf/csf.deny	root@server[~]#csf -tf 123.456.78.9
csf -df [IP]	Removes and unblocks all entries in /etc/csf/csf.deny	root@server[~]#csf -df
csf -g [IP]	Searches the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number)	root@server[~]#csf -g 123.45.67.89
csf -t	Displays the current list of temporary allow and deny IP entries with their TTL and comments	root@server[~]#csf -t

If you are looking for secure hosting check out our DirectAdmin web hosting packages, includes free SSL for website encryption.