You’ve just set up your new cheap VPS, and now you want to set up a firewall to protect your server. Here we show you how.

Config Server Firewall is a free, open source advanced firewall that can be used in most Linux-based servers. Apart from basic functionality CSF also filters packets, and includes security features like login/flood/intrusion detections. CSF has a UI for cPanel, Webmin, and DirectAdmin. Config Server Firewall can identify attacks like SYN floods and port scans login bruteforce attacks in various services.

We will be discussing how to install CSF in a Debian-based system like Ubuntu.

You will need to have root permissions to execute some of the commands. Login as root, or initiate root shell by typing the following to check whether sudo is installed or not:

Login authentication
Config Server Firewall frequently checks for failed logins and identifies unauthorized attempts.  In such case, you can define desired action.

Process tracking
You can configure Config Server Firewall to track processes so open network ports or suspicious processes can be detected. An email can be triggered and sent to administrator when such activity is detected.

Directory watching
Directory watching allows you to monitors /temp and other folders for malicious scripts. An email can be triggered and sent to the administrator.

Port flood protection
In the event of DoS (denial of service) attacks, this setting safeguards against a potential port flood attack. We can define allowed connections for each port

Connection limit protection
With this number of concurrent or active connection from an IP to each port can be limited.

How to install CSF

Step 1 – Download

In Ubuntu or Debian, CSF can’t be found in repos so it has to be downloaded from ConfigServer’s website.

Open terminal and type

wget http://download.configserver.com/csf.tgz

This will download CSF to your current working directory.

Step 2 – Uncompressing

Next, uncompress the downloaded zip file.

Step 3 – Installation

If you are using any other firewall like UFWQ, then you need to disable it. To disable type ufw disable

Please note, you need to root to run this command.

Next, To install / execute CSF, go to CSF folder and type

sh install.sh

Now, you can see that the firewall has been installed.

Basic Configuration

You can now configure Config Server Firewall. For this you need to edit csf.conf which is the main configuration file. To edit conf file type the following command. Please make sure you have root before running it.

Next, you will see an editor type interface where you can make changes.

Ports opened by defaults are:


Here you start can making changes. You can remove ports that you don’t want to allow.

Step 3: Applying the Changes

To apply changes, press Ctrl + X and then you will be asked whether you want to save or not. If you press Y then changes will be saved and if N is pressed changes won’t be saved.

How to block or allow an IP address?

Ability to block IP is one of the basic functionalities of the firewall. You can block or allow or ignore an IP by editing the appropriate config files – csf.allow, csf.deny and csf.ignore.

How to block IP addresses

If you would like to block an IP address or range, open csf.deny.

Type the following to open csf.deny where you can add IP to block

Put the IP address to block in one line.

How to allow IP addresses

Similarly, if you want to allow an IP, then you can put it in the csf.allow file. Note that an IP present in csf.allow will be allowed even if it is also entered in csf.deny.

To put an IP in the allow list type the following :

And then in next, editor window put IP that you want allow.

How to ignore IP addresses

Config Server Firewall also has functionality to exclude IPs from firewall filters. If you add an IP address to csf.ignore then it is bypassed by firewall filters.

 

Facebooktwitterredditpinterestlinkedinmail