Monday 25 April 2011

How to install a firewall or CSF

Installing a firewall in linux is just a couple of easy steps

log in as “root” and enter your password

First we thing we type in is;

rm -fv csf.tgz

click enter, and then type

wget http://www.configserver.com/free/csf.tgz

click enter and wait until done , then type

tar -xzf csf.tgz

click enter and then type

cd csf

click enter and then type

sh install.sh

and it will install itself

And you have a firewall on your server/vps and all we need to do turn it on.

Disable the Testing Mode and Start the Firewall

Remember by default the firewall is running in testing mode. You might want to disable the firewall running in testing mode.

nano /etc/csf/csf.conf

//Look for the first line and set testing mode to "0"
TESTING = "0"

//Now restart the firewall!
csf -r


Enable in cPanel or WHM

Go to your Whm panel and scroll down left side on bottom to “ConfigServer Security&Firewall” and click

Then click on “Firewall Configuration”

See on top where it says “TESTING =1″ , change 1 to 0 scroll down to bottom of page and click “Change”

This will start your firewall and you ready to go,we will customize it later.


Hints:

root@server[#] vi /etc/csf/csf.conf

Find TCP

# Allow incoming TCP ports

TCP_IN = “20,21,25,53,80,110,143,443,465,953,993,995,2082,2083,2086,2087,2095, 2096,8090,49226,26,512:65535,5666,3306,3333?

# Allow outgoing TCP ports

TCP_OUT = “20,21,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703,8090,512:65


Config Files

/etc/csf/csf.conf CSF Firewall configuration file
/etc/csf/csf.allow => Config file to allow IPs
/etc/csf/csf.deny => Config file to deny IPs
/etc/csf/ => Alert files with TXT extension are stored within this directory


// start the firewall
csf -s

// restart the firewall
csf -r

// flush the rules or stop the firewall.
csf -f

//Disable firewall
csf -x

//Enable firewall
csf -e

No comments:

Post a Comment