Config Server Firewall (CSF) is a free and open-source firewall that is used to protect Linux servers from unauthenticated users. Services such as SSH, SMTP, HTTP, IMAP, POP3, and FTP as well as many other protocols, are continuously monitored by CSF.
This firewall allows you to temporarily or permanently block and unblock specified IP addresses. It also has a web-based interface for cPanel, Webmin, and DirectAdmin that allows you to manage your firewall from a web browser.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related Linux firewall security queries.
In this context, we shall look into the process of installing and Configuring the Config Server Firewall on Ubuntu 20.04.
Steps to Configure CSF(Config Server Firewall) on Ubuntu
1. Remove UFW firewall
By default, Ubuntu comes with the UFW firewall already installed. The first thing that you would want to do is to remove it before installing the CSF firewall. Therefore, run the command:
$ sudo apt remove ufw
2. Install Required Dependencies
CSF Web comes with a web interface based on perl that requires some dependencies installed. Install the required dependencies with the below command:
$ sudo apt-get install sendmail dnsutils unzip git perl iptables libio-socket-ssl-perl libcrypt-ssleay-perl libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl -y
3. Download Config Server Firewall(CSF)
Download the CSF archive file from its official site since it is not available in Ubuntu repositories. Run the following wget command to download CSF:
$ sudo wget http://download.configserver.com/csf.tgz
Once the download is complete, extract the archive file with the command:
$ tar -xvzf csf.tgz
4. Install Config Server Firewall(CSF)
Next, navigate into the CSF directory and install it by running the following script:
$ cd csf
$ sh install.sh
Once the installation is complete, a success message will be displayed on the terminal. To confirm CSF is installed and running correctly, execute the command below:
$ sudo perl /usr/local/csf/bin/csftest.pl
5. Configure Config Server Firewall
CSF can be configured by editing its configuration file that is in the path /etc/csf/csf.conf:
$ sudo nano /etc/csf/csf.conf
Change the following lines at the beginning of the config file:
TESTING = "0"
RESTRICT_SYSLOG = "3"
Save and reload CSF using the commands below:
$ sudo csf -ra
You can also check the status of CSF with the following command:
$ sudo systemctl status csf
Here, the CSF service is up and running.
The CSF configuration file offers a wide range of settings. The default settings are generally satisfactory and can be used on practically any server. Common attacks such as port scans, flood attacks, and unauthorized access attempts are blocked by the default settings in the file.
If you want to fine-tune your configuration even further read the comments in the /etc/csf/csf.conf and make the necessary changes.
6. Manage CSF with Command Line
You can manage the CSF firewall using the command line. You can allow, deny, or ban an IP address. Below are examples of how to use the csf command.
Allow a specific IP address with the below command:
$ csf -a ip_address
Deny an IP address using the -d option followed by the IP address with the below command:
$ csf -d ip_address
To remove a blocked IP address from a CSF rule, run:
$ csf -dr ip_address
To display all firewall rules, run:
$ csf -l
7. Access the CSF Web Interface
CSF provides a web-based interface to manage the firewall from a web browser.
First, edit the CSF main configuration file with the following command:
$ nano /etc/csf/csf.conf
Add the following lines:
#Enable Web UI
UI = "1"
UI_PORT = "8080"
UI_USER = "admin"
#Admin user password
UI_PASS = "your-password"
UI_IP = ""
Save and close the file when you are finished. Then, you will need to edit the /etc/csf/ui/ui.allow file and add your server IP address and remote machine IP from where you want to access the CSF web UI.
$ nano /etc/csf/ui/ui.allow
Add your server IP and remote machine IP:
Save and close the file, then restart the CSF and LFD service to apply the changes:
$ csf -r
$ service lfd restart
Finally, open your web browser and search for the server IP address followed by port 8080:
[Need help in fixing Linux system security flaws ? We can help you. ]