Install & Configure CSF (Config Server Firewall) on CentOS/RHEL 6x
-- Config Server Firewall (or CSF) is a free and advanced firewall for most Linux distributions and Linux-based VPS. In addition to the basic functionality of a firewall, filtering packets, CSF includes other security features, such as Login/Intrusion/Flood Detection.
Step: 1. Stop Firewall :
# service iptables stop
# chkconfig iptables off
Step: 2. Disable SELinux :
# vi /etc/sysconfig/selinux
SELINUX=disabled
-- Save & Quit (:wq)
Step: 3. Reboot the Server :
# init 6
Step: 4. Installation of CSF Dependencies :
# yum -y install wget vim perl perl-libwww-perl.noarch perl-Time-HiRes
Step: 5. Download & Extract CSF Package :
# cd /usr/src/
# wget https://download.configserver.com/csf.tgz
# tar -xzf csf.tgz
Step: 6. Install CSF :
# cd csf
# sh install.sh
Step: 7. Now You should Check that CSF really Works on this Server :
# cd /usr/local/csf/bin/
# perl csftest.pl
[OUTPUT]
RESULT: csf should function on this server.
Step: 8. Configure CSF :
# vi /etc/csf/csf.conf
-- Line No. 11 :
TESTING = "0"
Note: By default CSF Allows Incoming & Outgoing Traffic for the SSH Standard Port 22, if you use a Different SSH Port then please Add your port to the Configuration in line 139 "TCP_IN".
-- Line No. 69 :
RESTRICT_SYSLOG = "3"
-- Save & Quit (:wq)
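-- Added example (not part of the original post or of CSF itself): a pre-flight check for the Note above, confirming that every port sshd listens on is covered by TCP_IN before TESTING is set to "0". It assumes sshd ports are set with Port directives only; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the CSF project): pre-flight check for Step 8.
# File paths are arguments so the check can be run on copies of the configs.

# conf_value NAME FILE: print the quoted value of a csf.conf setting.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# port_in_list PORT LIST: return 0 if PORT is covered by the comma-separated
# LIST. csf.conf port lists may contain ranges written low:high.
port_in_list() {
    for item in $(echo "$2" | tr ',' ' '); do
        case $item in
            *:*)
                if [ "$1" -ge "${item%%:*}" ] && [ "$1" -le "${item##*:}" ]; then
                    return 0
                fi ;;
            *)
                if [ "$item" = "$1" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# sshd_ports FILE: print each port sshd listens on (22 if no Port directive).
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# ssh_port_check CSF_CONF SSHD_CONFIG: return 0 only if every sshd port is
# allowed by TCP_IN, so that TESTING = "0" cannot cut off the SSH session.
ssh_port_check() {
    tcp_in=$(conf_value TCP_IN "$1")
    rc=0
    for p in $(sshd_ports "$2"); do
        if port_in_list "$p" "$tcp_in"; then
            echo "OK: sshd port $p is allowed by TCP_IN"
        else
            echo "MISSING: sshd port $p is not in TCP_IN"
            rc=1
        fi
    done
    return $rc
}
```

-- Run it as: ssh_port_check /etc/csf/csf.conf /etc/ssh/sshd_config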
Step: 9. Start CSF & LFD Service :
# service csf restart
# chkconfig csf on
# service lfd restart
# chkconfig lfd on
Step: 10. To View the list of Default Rules of CSF :
# csf -l
Or
# csf --status
Step: 11. Basic CSF Commands :
-- Start the Firewall (Enable the Firewall Rules) :
# csf -s
Or
# csf --start
-- Flush/Stop the Firewall Rules :
# csf -f
Or
# csf --stop
-- Reload/Restart the Firewall Rules :
# csf -r
Or
# csf --restart
-- Allow an IP & Add it to csf.allow :
# csf -a 10.100.97.37
Or
# csf --add 10.100.97.37
-- Remove/Delete an IP from csf.allow :
# csf -ar 10.100.97.37
Or
# csf --addrm 10.100.97.37
-- Deny an IP & Add to csf.deny :
# csf -d 10.100.97.37
Or
# csf --deny 10.100.97.37
-- Remove/Delete an IP from csf.deny :
# csf -dr 10.100.97.37
Or
# csf --denyrm 10.100.97.37
-- Remove & Unblock all Entries from csf.deny :
# csf -df
Or
# csf --denyf
-- Search for a Pattern Match on iptables e.g : IP, CIDR, Port Number :
# csf -g 10.100.97.37
Or
# csf --grep 10.100.97.37
-- Disable CSF & LFD Completely :
# csf -x
Or
# csf --disable
-- Displays the Current List of Temporary Allow & Deny IP Entries with their TTL & Comment :
# csf -t
Or
# csf --temp
-- Add an IP to the Temp IP Allow List (ttl is the Lifetime of the Entry in Seconds; direction is in, out or inout) :
# csf -ta 10.100.97.37 ttl -p 22 -d in Allow All For Port No 22
Or
# csf --tempallow 10.100.97.37 ttl [-p port] [-d direction] [comment]
-- Add an IP to the Temp IP Ban List (ttl is the Lifetime of the Entry in Seconds; direction is in, out or inout) :
# csf -td 10.100.97.37 ttl -p 22 -d in Ban All For Port No 22
Or
# csf --tempdeny 10.100.97.37 ttl [-p port] [-d direction] [comment]
-- Remove an IP From the Temporary IP Ban or Allow List :
# csf -tr 10.100.97.37
Or
# csf --temprm 10.100.97.37
-- Flush all IPs from the Temporary IP Entries :
# csf -tf
Or
# csf --tempf
Step: 12. Advanced CSF Configuration :
# vi /etc/csf/csf.conf
-- Don't Block IP addresses that are in the csf.allow files :
IGNORE_ALLOW = "1"
-- Allow Incoming & Outgoing ICMP. Line No 152 for Incoming & Line 159 for Outgoing :
ICMP_IN = "1"
ICMP_OUT = "1"
-- Block Certain Countries. Go To Line 836 & Add the Two-Letter ISO 3166-1 Country Codes (the United Kingdom is GB, not UK) :
CC_DENY = "CN,GB,US"
CC_ALLOW = "ID,IN,DE"
-- Send the Su & SSH Login Logs by Email. Go to the Line No. 1069 :
LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"
-- And then Define the Email Address at Line No. 588 :
LF_ALERT_TO = "koushik@domain.com"
-- Save & Quit (:wq)
Step: 13. Restart CSF & LFD Service :
# service csf restart
# service lfd restart
IMPORTANT NOTES:
=================
-- The Ports Opened by Default are the Following :
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
TCP_OUT = "20,21,22,25,53,80,110,113,443"
UDP_IN = "20,21,53"
UDP_OUT = "20,21,53,113,123"
-- Services using the Open Ports :
Port 20: FTP data transfer
Port 21: FTP control
Port 22: Secure shell (SSH)
Port 25: Simple mail transfer protocol (SMTP)
Port 53: Domain name system (DNS)
Port 80: Hypertext transfer protocol (HTTP)
Port 110: Post office protocol v3 (POP3)
Port 113: Authentication service/identification protocol
Port 123: Network time protocol (NTP)
Port 143: Internet message access protocol (IMAP)
Port 443: Hypertext transfer protocol over SSL/TLS (HTTPS)
Port 465: SMTP over SSL/TLS (SMTPS); also registered as URL Rendezvous Directory for SSM (Cisco)
Port 587: E-mail message submission (SMTP)
Port 993: Internet message access protocol over SSL (IMAPS)
Port 995: Post office protocol 3 over TLS/SSL (POP3S)
-- Below are Port sets that should be opened if you are Running the Listed Service :
On any Server:
TCP_IN: 22,53
TCP_OUT: 22,53,80,113,443
UDP_IN: 53
UDP_OUT: 53,113,123
Apache:
TCP_IN: 80,443
FTP Server:
TCP_IN: 20,21
TCP_OUT: 20,21
UDP_IN: 20,21
UDP_OUT: 20,21
Mail Server:
TCP_IN: 25,110,143,587,993,995
TCP_OUT: 25,110
MySQL Server (if remote access is required):
TCP_IN: 3306
TCP_OUT: 3306
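-- Added example (not part of the original post or of CSF itself): building a TCP_IN value from the per-service port sets above and listing which of the default TCP_IN ports could be closed for a given server. The role names (apache, ftp, mail, mysql) and function names are made up for this example; the port numbers are the ones listed above.

```sh
#!/bin/sh
# Added example: derive a least-privilege TCP_IN from the page's port sets.

# role_tcp_in ROLE: print the TCP_IN ports the page lists for one service.
role_tcp_in() {
    case $1 in
        base)   echo "22,53" ;;                      # "On any Server"
        apache) echo "80,443" ;;
        ftp)    echo "20,21" ;;
        mail)   echo "25,110,143,587,993,995" ;;
        mysql)  echo "3306" ;;                       # only for remote access
        *)      echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# build_tcp_in ROLE...: union of the base set and each role's ports,
# sorted numerically with duplicates removed, in csf.conf list format.
build_tcp_in() {
    list=$(role_tcp_in base)
    for r in "$@"; do
        more=$(role_tcp_in "$r") || return 1
        list="$list,$more"
    done
    echo "$list" | tr ',' '\n' | sort -nu | paste -sd, -
}

# excess_ports CURRENT NEEDED: print the ports that are open in CURRENT
# but absent from NEEDED, i.e. candidates for removal from TCP_IN.
excess_ports() {
    out=
    for p in $(echo "$1" | tr ',' ' '); do
        case ",$2," in
            *",$p,"*) ;;
            *) out="${out:+$out,}$p" ;;
        esac
    done
    echo "$out"
}

# Default TCP_IN as shown above, checked against a web-only server.
DEFAULT_TCP_IN="20,21,22,25,53,80,110,143,443,465,587,993,995"
echo "TCP_IN = \"$(build_tcp_in apache)\""
echo "can be closed: $(excess_ports "$DEFAULT_TCP_IN" "$(build_tcp_in apache)")"
```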