 is a Stateful Packet Inspection (SPI) firewall, Login/...){kind=link}
In this article, you will learn to Install and Configure CSF Firewall on AlmaLinux 9.
Config Server Firewall (CSF) is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection, and Security application for Linux servers.
It is a security tool that can protect your server against attacks, such as brute force, and improve server security.
Steps To Install and Configure CSF Firewall on AlmaLinux 9
To complete this guide, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide the Initial Server Setup with AlmaLinux 9.
Install CSF on AlmaLinux 9
First, you need to update your local package index with the command below:
sudo dnf update -y
Then, you need to install some dependencies on your AlmaLinux 9 with the following command:
sudo dnf install wget vim perl -y
Next, switch to your src directory:
cd /usr/src
At this point, use the wget command to download the CSF installer script on AlmaLinux 9:
sudo wget https://download.configserver.com/csf.tgz
Extract your downloaded file:
sudo tar xzf csf.tgz
Move to your CSF directory:
cd csf
Finally, run the CSF installer script with the following command:
sudo sh install.sh
When your installation is completed, test that you have required iptables modules:
sudo perl /usr/local/csf/bin/csftest.pl
In your output you will see:
Output
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server
Configure CSF on AlmaLinux 9
At this point, that you have CSF installed on your server, you need to edit the CSF configuration file.
Open the file with your favorite text editor, here we use vi:
sudo vi /etc/csf/csf.conf
Find the Testing line and change its value to 0.
TESTING = "0"
When you are done, save and close the file.
Now use the following commands to start and enable the CSF and LFD on AlmaLinux 9:
#sudo systemctl restart csf && sudo systemctl restart lfd #sudo systemctl enable csf && sudo systemctl enable lfd
Verify that your CSF and LFD are active and running on your server with the commands below:
sudo systemctl status csf && sudo systemctl status lfd
Output ● csf.service - ConfigServer Firewall & Security - csf Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: disabled) Active: active (exited) since Thu 2022-09-22 09:26:14 EDT; 31s ago Main PID: 11375 (code=exited, status=0/SUCCESS) CPU: 505ms ...
Output ● lfd.service - ConfigServer Firewall & Security - lfd Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2022-09-22 09:26:23 EDT; 39s ago Main PID: 11421 (lfd - sleeping) Tasks: 1 (limit: 23609) Memory: 138.9M CPU: 4.233s CGroup: /system.slice/lfd.service ...
You can check your CSF firewall version on AlmaLinux 9 with the command below:
csf -v
Output
csf: v14.17 (generic)
If you want to allow the incoming connection from an IP address, you can use the following syntax:
csf -a [IP Address]
Otherwise, if you want to deny the incoming connection from an IP address, you can use the following syntax:
csf -d [IP Address]
Remove ConfigServer Firewall
Also, if you want to uninstall the CSF firewall from your AlmaLinux 9, you can use the following command:
# cd /etc/csf # sh uninstall.sh
Conclusion
At this point, you have learned to Install and Configure CSF Firewall on AlmaLinux 9.
Hope you enjoy it.