- Install CSF. The one-liner below will install CSF with the default configuration and whitelist the IP that you are connected from.
# cd /usr/src && rm -fv csf.tgz && wget https://download.configserver.com/csf.tgz && tar -xzf csf.tgz && cd csf && sh install.sh
- Next we will need to adjust the /etc/csf/csf.conf configuration file to enable the firewall. To do this, change TESTING = "1" to TESTING = "0". The command below will make the change for you.
# sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf
- To prevent people from overloading the services on the server, we should set the CONNLIMIT and PORTFLOOD settings. Below is an example that will protect the http and ssh ports.
CONNLIMIT = "22;5,80;20,443;20"
PORTFLOOD = "22;tcp;5;300,80;tcp;20;5,443;tcp;20;5"
Here is a command to make this change from the command line:
# sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;20,443;20"/g' /etc/csf/csf.conf && sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;20;5,443;tcp;20;5"/g' /etc/csf/csf.conf
- Lastly we will need to restart CSF to apply the configuration changes.
# csf -r
For your convenience we've put it all together into a one-liner that will install CSF and make the described configuration changes.
# cd /usr/src && rm -fv csf.tgz && wget https://download.configserver.com/csf.tgz && tar -xzf csf.tgz && cd csf && sh install.sh && sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf && sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;20,443;20"/g' /etc/csf/csf.conf && sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;20;5,443;tcp;20;5"/g' /etc/csf/csf.conf && csf -r
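The sed commands above only match when CONNLIMIT and PORTFLOOD are still empty (`""`); if either already holds a value, the substitution does nothing and reports no error. The shell functions below are an added example, not part of the original guide or of CSF: they set an option whatever its current value and verify the result. The helper names and the sample config are constructed for illustration, and the checks assume entries of the form port;limit for CONNLIMIT and port;protocol;hit count;interval seconds for PORTFLOOD.

```shell
#!/bin/sh
# Added example (not from the original guide): helper names are hypothetical.

# Constructed sample config: CONNLIMIT already holds a value, so the guide's
# sed pattern for an empty value ('CONNLIMIT = ""') would not match it.
make_sample_conf() {
    f=$(mktemp) || return 1
    printf '%s\n' 'TESTING = "1"' 'CONNLIMIT = "22;3"' 'PORTFLOOD = ""' > "$f"
    printf '%s\n' "$f"
}

# get_csf_opt FILE KEY: print the quoted value of the first `KEY = "..."` line.
get_csf_opt() {
    sed -n "s|^$2 = \"\([^\"]*\)\".*|\1|p" "$1" | head -n 1
}

# set_csf_opt FILE KEY VALUE: replace the value whatever it currently is.
# Fails if KEY is absent or the file does not hold VALUE afterwards.
set_csf_opt() {
    grep -q "^$2 = \"" "$1" || { echo "$2 not found in $1" >&2; return 1; }
    sed -i "s|^$2 = \"[^\"]*\"|$2 = \"$3\"|" "$1"
    [ "$(get_csf_opt "$1" "$2")" = "$3" ]
}

# CONNLIMIT entries are port;limit, comma separated.
valid_connlimit() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+;[0-9]+(,[0-9]+;[0-9]+)*$'
}

# PORTFLOOD entries are port;protocol;hit count;interval seconds.
valid_portflood() {
    entry='[0-9]+;(tcp|udp);[0-9]+;[0-9]+'
    printf '%s\n' "$1" | grep -Eq "^${entry}(,${entry})*\$"
}

# Demo on the constructed file; on a server FILE would be /etc/csf/csf.conf,
# followed by `csf -r`.
conf=$(make_sample_conf) || exit 1
cl='22;5,80;20,443;20'
pf='22;tcp;5;300,80;tcp;20;5,443;tcp;20;5'
valid_connlimit "$cl" && valid_portflood "$pf" || exit 1
set_csf_opt "$conf" TESTING 0 || exit 1
set_csf_opt "$conf" CONNLIMIT "$cl" || exit 1
set_csf_opt "$conf" PORTFLOOD "$pf" || exit 1
grep -E '^(TESTING|CONNLIMIT|PORTFLOOD) = ' "$conf"
rm -f "$conf"
```

Because `set_csf_opt` returns non-zero when the key is missing or the value did not take, it can be chained with `&&` before `csf -r` so the firewall is only restarted with the intended settings.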