Saturday, July 4, 2015

How to install ConfigServer Security and Firewall (CSF) on CentOS

ConfigServer Security & Firewall (or CSF) is a popular and effective firewall widely used on Linux servers today. Besides basic firewall features, CSF also has advanced security functions, such as protection against login flooding, port scans, SYN floods ...



You can see the details of CSF's features here: http://www.configserver.com/cp/csf.html

CSF Installation Guide

1. Install modules required for CSF

Install the Perl module required by the CSF scripts

yum install perl-libwww-perl

2. Download CSF

cd /tmp
wget http://www.configserver.com/free/csf.tgz

3. Install CSF

Extract the archive and run the installer

tar -xzf csf.tgz
cd csf
sh install.sh

4. Configure CSF

By default, the script installs CSF and runs it in "Testing" mode, which means the server is not yet at full protection. Before disabling "Testing" mode, configure the options TCP_IN, TCP_OUT, UDP_IN and UDP_OUT to suit your needs.

Open the CSF configuration file

nano /etc/csf/csf.conf

Edit the parameters accordingly

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443"

# Allow incoming UDP ports
UDP_IN = "20,21,53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123"

Once configured, turn off Testing mode by changing TESTING = "1" to TESTING = "0"

TESTING = "0"

Finally, save the CSF configuration file
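
Before switching TESTING to "0", it is worth checking that the port sshd listens on is actually listed in TCP_IN, otherwise new SSH sessions will be dropped. The shell functions below are an added example, not part of CSF or of the original post; the function names, the sample file and the sshd port 2222 are assumptions made for illustration.

```shell
# Added example (not from the original post): audit a csf.conf-style file.

# Print the value of KEY from lines of the form KEY = "value".
csf_conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if PORT is in a comma-separated list; lo:hi ranges are supported.
port_in_list() {
    port=$1; old_ifs=$IFS; IFS=,
    for item in $2; do
        case $item in
            *:*) if [ "$port" -ge "${item%%:*}" ] && [ "$port" -le "${item##*:}" ]; then
                     IFS=$old_ifs; return 0
                 fi ;;
            *)   if [ "$item" = "$port" ]; then IFS=$old_ifs; return 0; fi ;;
        esac
    done
    IFS=$old_ifs; return 1
}

# Print findings for config file $1 given the sshd port $2; exit status = number of findings.
csf_preflight() {
    findings=0
    if ! port_in_list "$2" "$(csf_conf_get TCP_IN "$1")"; then
        echo "SSH port $2 is missing from TCP_IN: new SSH connections would be blocked"
        findings=$((findings + 1))
    fi
    if [ "$(csf_conf_get TESTING "$1")" != "0" ]; then
        echo "TESTING is not \"0\": the server is not at full protection"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample config using the values shown in this post.
write_sample_conf() {
    cat > "$1" <<'EOF'
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
UDP_OUT = "20,21,53,113,123,33434:33523"
TESTING = "1"
EOF
}

# Demo: hypothetical server whose sshd listens on port 2222.
demo=$(mktemp) && write_sample_conf "$demo"
csf_preflight "$demo" 2222 || echo "findings: $?"
rm -f "$demo"
```

On a real server, call csf_preflight /etc/csf/csf.conf with the port your sshd uses, and fix any finding before restarting CSF.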

5. Start CSF

Start CSF and enable it to start automatically whenever the VPS boots

chkconfig --level 235 csf on
service csf restart

6. CSF configuration files

All of CSF's configuration and management information is stored in files in the /etc/csf folder. If you edit these files, you need to restart CSF for the changes to take effect.

csf.conf: The configuration file for managing the CSF.
csf.allow: List of IP addresses allowed through the firewall.
csf.deny: List of IP addresses denied by the firewall.
csf.ignore: List of IP addresses that are allowed through the firewall and are not blocked if problems are detected.
csf.*ignore: Lists of users and IPs that are ignored.

7. Common CSF commands

Some commands used to allow (-a) or deny (-d) an IP address, and to control CSF.

csf -d IPADDRESS
csf -a IPADDRESS
csf -r # Restart CSF
csf -x # Turn off CSF
csf -e # Turn on CSF

If you forget the commands above, running csf on its own lists all of the available options.

8. Remove CSF

If you want to completely erase the CSF, just use this script:

/etc/csf/uninstall.sh

This deletes CSF entirely, so consider carefully before running it. If you only want to disable CSF temporarily, switch it back to Testing mode with TESTING = "1".
