Ubuntu with CSF Firewall

Step 1 – Install CSF

 

By default, CSF is not available in the Ubuntu standard repository, so you will need to download it from their official website.

wget http://download.configserver.com/csf.tgz

Once downloaded, extract the downloaded file with the following command:

tar -xvzf csf.tgz

 

Disable UFW

ufw disable

 

Next, change the directory to the extracted directory and install CSF by running the install.sh script:

cd csf
bash install.sh

Once the installation has been completed successfully, you should get the following output:

Installation Completed


Next, verify whether all required Iptables modules are installed with the following command:

perl /usr/local/csf/bin/csftest.pl

If everything is fine, you should get the following output:

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

Step 2 – Configure CSF

Next, you will need to configure CSF as per your security standard. You can configure it by editing the file /etc/csf/csf.conf:

nano /etc/csf/csf.conf

Change the following line per your requirements:

TESTING = "0"
RESTRICT_SYSLOG = "3"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"

# Allow incoming UDP ports
UDP_IN = "20,21,53,80,443"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123"

# Allow incoming PING. Disabling PING will likely break external uptime
# monitoring
ICMP_IN = "1"

Save and close the file, then restart the CSF with the following command:

csf -r

Enable CSF

systemctl enable csf
 
 
  • ubuntu, csf, firewall, ufw
  • 0 gebruikers vonden dit artikel nuttig
Was dit antwoord nuttig?

Gerelateerde artikelen

Ubuntu VPS

Elastic Virtual Private Server on Top of Ubuntu OS Ubuntu is considered one of the most...

CentOS VPS

Elastic Virtual Private Server on Top of CentOS CentOS stands for Community ENTerprise...

SSH Access to VPS Gate

Access Linux VPS Container via SSH Gate In order to manage the required software inside your...

Setting Mail Server Inside CentOS VPS

Setting Mail Server Inside CentOS VPS With Apiqcloud Platform it is possible to integrate...

Installation of cPanel in Apiqcloud

Install cpanel in elastic VPS- 1. Firstly, log in to your Apiqcloud account and access...