Simple: Install and Configure CSF

This guide explains how to install and configure CSF in simple mode.

Prerequisites

Before moving on to the download and install section, install the required Perl modules:

# On rpm based systems:
yum install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph

# On APT based systems:
apt-get install libwww-perl liblwp-protocol-https-perl libgd-graph-perl

# Via cpan:
perl -MCPAN -eshell
cpan> install LWP LWP::Protocol::https GD::Graph

Stop and Disable the Default Firewall

# On CentOS:
systemctl stop firewalld
systemctl disable firewalld

# On Ubuntu:
systemctl stop ufw
systemctl disable ufw

Download and Install Config Server Firewall (CSF)

Installation is quite straightforward:

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Test CSF

Next, test whether you have the required iptables modules:

perl /usr/local/csf/bin/csftest.pl

Configure CSF

CSF is fully enabled through its main configuration file, /etc/csf/csf.conf. Edit the file and change the following lines to suit your requirements:

# Disable testing mode (lfd will not start while TESTING is "1")
TESTING = "0"
RESTRICT_SYSLOG = "3"

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"

# Allow incoming UDP ports
UDP_IN = "20,21,53,80,443"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123"

# Allow incoming PING. Disabling PING will likely break external uptime
# monitoring
ICMP_IN = "1"

Save and close the file, and then restart CSF:

csf -r


Start CSF and LFD with the systemctl command:

systemctl start csf
systemctl start lfd

Then enable CSF and LFD to start on boot:

systemctl enable csf
systemctl enable lfd
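
A pre-flight check for the csf.conf edited above, worth running before csf -r on a remote host so that a port you depend on (for example a non-default sshd port) is not left out of TCP_IN. This is an added example, not part of CSF or of the original guide; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of CSF. Function names are illustrative.

# csf_get FILE KEY: print the value of the first uncommented KEY = "value" line.
csf_get() {
    awk -F'"' -v key="$2" \
        '$1 ~ ("^[ \t]*" key "[ \t]*=[ \t]*$") { print $2; exit }' "$1"
}

# csf_port_allowed LIST PORT: succeed if PORT matches an entry of LIST.
# Entries are single ports or LOW:HIGH ranges, as in 33434:33523.
csf_port_allowed() {
    old_ifs=$IFS; IFS=,
    for entry in $1; do
        lo=${entry%%:*}; hi=${entry##*:}
        if [ "$2" -ge "$lo" ] 2>/dev/null && [ "$2" -le "$hi" ] 2>/dev/null; then
            IFS=$old_ifs; return 0
        fi
    done
    IFS=$old_ifs; return 1
}

# csf_preflight FILE PORT...: report problems; exit status is their count.
csf_preflight() {
    conf=$1; shift; problems=0
    if [ "$(csf_get "$conf" TESTING)" != "0" ]; then
        echo "WARN: TESTING is not \"0\"; lfd will not start in testing mode"
        problems=$((problems + 1))
    fi
    tcp_in=$(csf_get "$conf" TCP_IN)
    for port in "$@"; do
        if ! csf_port_allowed "$tcp_in" "$port"; then
            echo "FAIL: TCP port $port is not listed in TCP_IN"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: sshd was moved to port 2222 but TCP_IN was left unchanged.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TESTING = "1"
# TCP_IN = "2222"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
UDP_OUT = "20,21,53,113,123,33434:33523"
EOF
csf_preflight "$sample" 2222 443 || echo "problems found: $?"
rm -f "$sample"
```

On a real host, call csf_preflight /etc/csf/csf.conf followed by the TCP ports that must stay reachable, and only run csf -r when it reports nothing.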

Configuration Files

The main configuration files are:

  • csf.conf - the main configuration file
  • csf.allow - a list of IPs and CIDR addresses that should always be allowed through the firewall
  • csf.deny - a list of IPs and CIDR addresses that should never be allowed through the firewall
  • csf.ignore - a list of IPs and CIDR addresses that lfd should ignore and not block if detected
  • csf.*ignore - various ignore files that list files, users and IPs that lfd should ignore. See each file for its specific purpose

For further reading, I recommend: https://www.woktron.com/secure/knowledgebase/77/Installation-CSF-Firewall-on-CentOS.html