Install and configure CSF

This article will walk through how to install and configure CSF (ConfigServer Security & Firewall) in just a few steps

  1. Install CSF. The one liner below will install CSF with the defauls confiruation and whitelist the IP that you are connected from.

    # cd /usr/src && rm -fv csf.tgz && wget && tar -xzf csf.tgz && cd csf && sh

  2.  Next we will need to adjust the /etc/csf/csf.conf configuration file to enable the firewall. To do this, change TESTING = "0" to TESTING = "1" the command below will make the change for you.

    # sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf 

  3. To prevent people from overloading the services on the server, we should set the CONNLIMIT and PORTFLOOD settings. Below is an example that will protect the http and ssh ports.

    CONNLIMIT = "22;5,80;20,443;20"
    PORTFLOOD = "22;tcp;5;300,80;tcp;20;5,443;tcp;20;5"

    Here is a command to change this from the command line

    # sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;20,443;20"/g' /etc/csf/csf.conf && sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;20;5,443;tcp;20;5"/g' /etc/csf/csf.conf

  4. Lastly we will need to restart CSF to apply the configuration changes

    # csf -r

For you convenience we've put it all together into a one liner that will install and make the described configuration changes.

# cd /usr/src && rm -fv csf.tgz && wget && tar -xzf csf.tgz && cd csf && sh && sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf && sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;20,443;20"/g' /etc/csf/csf.conf && sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;20;5,443;tcp;20;5"/g' /etc/csf/csf.conf && csf -r

  • 215 Users Found This Useful
Was this answer helpful?

Related Articles

Install Bitcoin Core (Wallet) on Linux

This article explains how to install Bitcoin Core to use your VPS as a Bitcoin wallet. Please...

Install or Upgrade Plex Media Server on CentOS 7

Plex is one of our favorite pieces of software. Installing Plex Media Server on CentOS 7 is an...