What is CSF (ConfigServer Security & Firewall)?

In this tutorial I will explain what CSF (ConfigServer Security & Firewall) is and how to use its basic configuration files and commands.

The idea behind the csf firewall, as with most iptables firewall configurations, is to block everything and then allow through only those connections that you need. In iptables this is done by DROPPING all connections in and out of the server on all protocols, then allowing traffic in and out for existing connections, and then opening individual incoming and outgoing ports for TCP and UDP separately.

Open Ports

To open ports with the CSF firewall, edit its configuration file:

# vim /etc/csf/csf.conf

and add the port you want to open to the appropriate line:

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,10000"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995,10000"

# Allow incoming UDP ports
UDP_IN = "20,21,53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123"

Close Ports

Closing a port is as simple as removing it from the corresponding list in the configuration file and restarting the firewall.

# vim /etc/csf/csf.conf

CSF Firewall Principle

One of the most basic features of a firewall is the ability to block and allow certain IP addresses. With the CSF firewall you can also ignore IP addresses.

Block IP addresses
To block an IP address or a range of IP addresses, follow the steps below.

# vim /etc/csf/csf.deny
# The following IP addresses will be blocked in iptables
# One IP address per line
# CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24)
# Only list IP addresses, not domain names (they will be ignored)
#
# Note: If you add the text "do not delete" to the comments of an entry then
# DENY_IP_LIMIT will ignore those entries and not remove them
#
# Advanced port+ip filtering allowed with the following format
# tcp/udp|in/out|s/d=port|s/d=ip
#
# See readme.txt for more information regarding advanced port filtering
#
104.238.189.37 (Block Individual IP Address)
222.186.21.196 (Block Individual IP Address)
192.168.10.0/255.255.255.0 (Block IP Addresses Range)

You can also block an IP address with the following command:

# csf -d IP_Address
Or
# csf --deny IP_Address

Remove an IP from the blocklist

# csf -dr IP_Address

Allow IP addresses
To allow an IP address or a range of IP addresses, follow the steps below.

# vim /etc/csf/csf.allow
# The following IP addresses will be allowed through iptables.
# One IP address per line.
# CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24).
# Only list IP addresses, not domain names (they will be ignored)
#
# Advanced port+ip filtering allowed with the following format
# tcp/udp|in/out|s/d=port|s/d=ip
# See readme.txt for more information
#
# Note: IP addressess listed in this file will NOT be ignored by lfd, so they
# can still be blocked. If you do not want lfd to block an IP address you must
# add it to csf.ignore
192.168.3.250 (Allow Individual IP Address)
192.168.5.0/255.255.255.0 (Allow IP Addresses Range)

You can also allow an IP address with the following command:

# csf -a IP_Address
Or
# csf --allow IP_Address

Ignore IP addresses
CSF can also exclude IP addresses from its filters, so that lfd does not block them. As the csf.allow header notes, an address in csf.allow can still be blocked by lfd unless it is also listed here.

# vim /etc/csf/csf.ignore
# The following IP addresses will be ignored by lfd (the login failure daemon)
# One IP address per line
# CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24)
# Only list IP addresses, not domain names (they will be ignored)
192.168.3.250 (Ignore Individual IP Address)
192.168.5.0/255.255.255.0 (Ignore IP Addresses Range)
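The csf.allow header above warns that an allowed address can still be blocked by lfd unless it is also in csf.ignore. The following is an added example, not part of CSF itself, that audits a csf.allow file against csf.ignore and also flags entries CSF would silently ignore (hostnames instead of IPs); the sample file contents, temporary directory and function names are constructed for the demonstration.

```shell
# Added example (not part of CSF): audit csf.allow against csf.ignore.
# csf.allow entries pass iptables, but the file header warns that lfd can
# still block them unless they are also in csf.ignore. Constructed data only.
# Print the address of each active entry in a csf.allow/csf.deny/csf.ignore
# style file: drop comments and blank lines; for the advanced
# "tcp/udp|in/out|s/d=port|s/d=ip" format keep only the trailing ip.
csf_entry_addrs() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^$/d' -e 's/^.*|[sd]=//' "$1"
}

# True for a dotted-quad IPv4, optionally with /prefix or /netmask, which is
# what these files accept; CSF silently ignores hostnames.
csf_addr_valid() {
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]{1,2}|([0-9]{1,3}\.){3}[0-9]{1,3}))?$'
}

# Addresses in csf.allow ($1) that are missing from csf.ignore ($2).
csf_allow_not_ignored() {
    ignored=$(csf_entry_addrs "$2")
    csf_entry_addrs "$1" | while read -r addr; do
        printf '%s\n' "$ignored" | grep -qxF -- "$addr" || printf '%s\n' "$addr"
    done
}

# Entries CSF would ignore because they are not IP addresses.
csf_invalid_entries() {
    csf_entry_addrs "$1" | while read -r addr; do
        csf_addr_valid "$addr" || printf '%s\n' "$addr"
    done
}

# Write constructed sample files into directory $1 (hypothetical values).
write_sample_files() {
    cat > "$1/csf.allow" <<'EOF'
192.168.3.250                 # admin host, also listed in csf.ignore
192.168.5.0/255.255.255.0
tcp|in|d=22|s=10.0.0.5        # office, ssh only
backup.example.invalid        # hostname: CSF ignores this line
EOF
    printf '192.168.3.250\n' > "$1/csf.ignore"
}

dir=$(mktemp -d)
write_sample_files "$dir"
echo "allowed but not ignored by lfd:"; csf_allow_not_ignored "$dir/csf.allow" "$dir/csf.ignore"
echo "entries CSF will ignore:";        csf_invalid_entries "$dir/csf.allow"
rm -rf "$dir"
```

Run it against the real /etc/csf/csf.allow and /etc/csf/csf.ignore to see which allowed hosts lfd could still block.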

Search IP Addresses
Search the iptables and ip6tables rules for a match (e.g. an IP address, CIDR range or port number):

# csf -g IP_Address
Or
# csf --grep IP_Address

View Ports
View ports on the server that have a running process behind them listening for external connections:

# csf -p
Or
# csf --ports

Disable csf and lfd
Run the following command to disable csf and lfd completely:

# csf -x
Or
# csf --disable

Enable csf and lfd
Run the following command to enable csf and lfd if they were previously disabled:

# csf -e
Or
# csf --enable

Mail yourself a general security check
Display the server security check in HTML, or email it to [email] if an address is given:

# csf -m support@linuxmasterswiki.com
Or
# csf --mail support@linuxmasterswiki.com

Restart CSF Firewall

After any change to the configuration or the IP lists, CSF needs to be restarted for the change to take effect:

# csf -r
Or
# csf --restart
