当前位置: 首页 > Linux > 正文

How to Install and Configure CSF Firewall on Linux

ConfigServer Security & Firewall (CSF) is an iptables based firewall. It provides high level of security to Linux server using iptables. The installation of csf is very simple and straightforward. CSF supports most of commonly used Linux operating systems like Red Hat Enterprise Linux, CentOS, CloudLinux, Fedora, openSUSE, Debian, Ubuntu & Slackware. Read more about CSF. Follow the below steps to install CSF firewall in your Linux operating system and do some configuration.

LFD stands for Login Failure Daemon. Its an process that actively monitors the log file for user login entries and send the alerts to admin on basis of configured rules. read moreabout CSF.

Install CSF Firewall

This article will help you to install CSF on Linux system with very easy steps.

Step 1: Download CSF Source Archive

Download latest CSF archive source code from its official site and extract on your Linux box. Then extract source code.

Step 2: Install CSF Firewall

CSF provides a bash script to easily install it on any operating system. This script automatically detects your operating system and install CSF accordingly. Run install.sh script.

Step 3: Test iptables modules

Run the csftest.pl perl script to verify if all the required iptables modules are installed on your system to make is proper working.

Step 4: Enable and Restart CSF

After successfully installing CSF on your system, You need to change following setting in csf.conf to enable CSF.

Now type the following command on the terminal to restart CSF firewall and reload new changes.

Additional Settings:-

Step 5: Enable CSF Web UI

Use our following tutorial to enable web UI for CSF firewall on Linux system.

https://tecadmin.net/how-to-enable-csf-firewall-web-ui/

Step 6: Prevent DDOS Attacks

Configure CSF+LDF to prevent server from DDOS attacks. To enable it edit /etc/csf/csf.conf and update following settings.

 

  • Total number of connections allowed from single host. To disable this feature, set this to 0
  • Connection Tracking interval in seconds.
  • Sent email alerts for each blocked ip.
  • Set this to 1 to block ips permanent.
  • If you opt for temporary IP blocks for CT, then the following is the interval
    in seconds that the IP will remained blocked
  • If you only want to count specific ports (e.g. 22,23,80,443) then add the ports. else keep it empty to check all ports

 

How to Install and Configure CSF Firewall on Linux

 

本文固定链接: http://t.yjsec.com/index.php/2017/12/02/18/ | 下一站

该日志由 admin 于2017年12月02日发表在 Linux 分类下, 你可以发表评论,并在保留原文地址及作者的情况下引用到你的网站或博客。
原创文章转载请注明: How to Install and Configure CSF Firewall on Linux | 下一站

How to Install and Configure CSF Firewall on Linux:等您坐沙发呢!

发表评论

快捷键:Ctrl+Enter