How to Configure CSF Firewall on Linux (Complete Step-by-Step Guide)

Himanshu Joshi Knowledgebase

Configure CSF Firewall on Linux to set up a powerful and advanced firewall configuration tool for Linux-based systems, commonly used with cPanel and WHM. CSF offers robust features like IP blocking, port filtering, and login tracking for comprehensive server security.

Configuring CSF on Linux ensures that your server is protected from unauthorized access and potential threats.

CSF Firewall on Linux Server

This guide will walk you through installing and configuring CSF Firewall on a Linux server.

Prerequisites

Before you begin configuring CSF on your Linux system, ensure the following:

  • Linux Distribution: CSF can be installed on most Linux distributions, including CentOS, Ubuntu, and Debian.
  • Root Access: You need root or sudo access to install and configure CSF.
  • cPanel/WHM (Optional): CSF is often used with cPanel and WHM. If you’re using a cPanel server, this guide will be particularly helpful, but CSF can also be used on servers without cPanel.
  • Basic Knowledge of Linux Firewalls: It’s helpful to have a basic understanding of Linux firewall rules and ports to configure CSF effectively.

These prerequisites will ensure a smooth installation and configuration of CSF.

Configure CSF Firewall on Linux

Configure CSF Firewall on Linux to enhance server security with an advanced, user-friendly firewall solution. Let’s install CSF Firewall, then will configure:

Step 1: Install CSF

  • Download CSF

CSF can be installed directly from the official website or using the terminal. To begin the installation, first ensure your system is up-to-date:

sudo yum update # For CentOS/RHELsudo apt update # For Ubuntu/Debian

Next, install the necessary packages:

  • For CentOS/RHEL:

sudo yum install perl

  • For Ubuntu/Debian:

sudo apt install perl

After installing the required dependencies, download and install CSF:

cd /usr/src
sudo wget https://download.configserver.com/csf.tgz
sudo tar -xvzf csf.tgz
cd csf
sudo sh install.sh

This will download the CSF archive, extract it, and install it on your system.

  • Verify Installation

After installation, you can verify that CSF is successfully installed by checking the status:

sudo csf -v

You should see the CSF version number if it’s installed correctly.

Step 2: Configure CSF Firewall

Once CSF is installed, you need to configure CSF to suit your server’s needs. The main configuration file for CSF is located at /etc/csf/csf.conf.

  • Edit the Configuration File

Open the CSF configuration file in a text editor:

sudo nano /etc/csf/csf.conf
  • Set Testing Mode

CSF includes a “testing” mode, which allows you to make changes without immediately enforcing them. This is useful to ensure that the firewall won’t block your access while configuring it. In the configuration file, find the following line and set it to 0:

TESTING = "0"

Setting this option to 0 means that CSF will be in active mode once configured.

  • Configure Basic Settings

Here are a few important settings to check and modify according to your needs:

  • Allowing SSH Access:

Ensure SSH access is allowed so you don’t lock yourself out. Set the correct SSH port under:

LF_ALERT_TO = "youremail@example.com"
LF_BLOCK_TIME = "3600"  # Set the block time for 1 hour

Adjust the port for SSH if you’re using a non-default port.

  • Change the Port for CSF:

If you want CSF to listen on a custom port (other than the default 443), modify the following line:

LF_TRIGGER_PORT = "443"
  • Configure IP Block List

CSF includes a feature for blocking malicious IPs. The configuration file has an option to set the maximum number of login attempts before blocking an IP:

LF_ALERT_TO = "youremail@example.com"
LF_BLOCK_TIME = "3600"  # Set the block time for 1 hour

This sends alerts to your email whenever a suspicious IP is blocked.

  • Save and Exit

After making the necessary changes, save the file and exit the text editor (CTRL + O to save and CTRL + X to exit in nano).

Step 3: Enable and Start CSF

  • Start CSF

To start CSF, use the following command:

sudo systemctl start csf
  • Enable CSF on Boot

Ensure that CSF starts automatically when the server reboots:

sudo systemctl enable csf
  • Check CSF Status

To check the status of CSF and ensure it’s running properly, use the following command:

sudo systemctl status csf

You should see active (running) if CSF is working properly.

Step 4: Configure Firewall Rules

Once CSF is installed and running, it’s time to configure specific firewall rules. You can manage these rules directly through the CSF configuration file (/etc/csf/csf.conf) or use the CSF command-line utility.

  • Allow or Deny IPs

To block a specific IP address:

sudo csf -d 192.168.1.100

To allow a specific IP address:

sudo csf -a 192.168.1.100

To deny a specific IP address:

sudo csf -d 192.168.1.101
  • Custom Ports

If you need to open or close specific ports for services running on your server, modify the csf.conf file.

  • Add the ports to the TCP_IN or TCP_OUT variables to allow incoming or outgoing traffic on those ports. For example, to allow the MySQL port (3306):
TCP_IN = "22,80,443,3306"
  • Check for Blocked IPs

If you need to see which IPs have been blocked, use the following command:

sudo csf -g 192.168.1.100

Step 5: Testing CSF Configuration

After configuring CSF, it’s important to test that the firewall is working correctly.

  • Test Port Accessibility

Check if the required ports are open. You can use telnet to check for open ports:

telnet your-server-ip 80

This will tell you if port 80 is open on your server.

  • Test CSF Logging

Review CSF’s log files to see if any issues or alerts have been logged:

sudo tail -f /var/log/lfd.log

This will show real-time logs of blocked IPs, login attempts, and other security events.

Step 6: Monitor CSF and Log in to the Web Interface

CSF has a web-based interface available through WHM (for cPanel users), but it can also be managed via the command line. However, if you’re not using cPanel, you can still monitor CSF by checking log files regularly and reviewing blocked IPs.

Access the Web Interface (For cPanel users)

If you’re using cPanel/WHM, you can access CSF via the WHM interface:

  • Log in to WHM.
  • Navigate to Plugins > ConfigServer Security & Firewall.
  • Here, you can see real-time statistics, adjust settings, and manage IPs.

Conclusion

In this guide, we’ve walked through how to configure CSF on Linux, from installation to configuring firewall rules and ensuring secure server operation. CSF provides an easy-to-manage yet powerful firewall solution that helps protect your server from unauthorized access and security threats.

By configuring CSF, you’ve taken an essential step in securing your Linux server, ensuring that it remains protected from malicious traffic and potential attacks. With its wide range of features and customizable settings, CSF is a reliable choice for managing server security effectively.

Tags:
Leave A Comment