In this article, we want to teach you How To Install and Configure the CSF firewall on Centos 7.
CSF (Config Server Firewall) is one of the most popular free-to-use firewalls for Linux servers. It is an easy-to-use firewall based on iptables (as a backend).
It can be managed via the command line using configuration files and commands.
Also, it can be integrated into a control panel (Example: cPanel/WHM to be managed directly from the web interface) and provides a very interesting and complete set of features.
The full list of supported operating systems and features can be found on ConfigServer’s website.
How To Install and Configure CSF firewall on Centos 7
Before you start to install CSF on Centos 7, you need to log in to your server as a root or non-root user with sudo privileges. To do this, you can follow our article the Initial Server Setup with Centos 7.
Now follow the steps below to install CSF on Centos 7.
Install Config Server Firewall (CSF) on Centos 7
First, you need to install the Perl on Centos 7 with the command below:
yum install perl-libwww-perl.noarch perl-Time-HiRes
Then, switch to your src directory with the following command:
Now use the wget command to download the CSF installer script on Centos 7:
Extract your downloaded file:
tar -xzf csf.tgz
Switch to your CSF directory:
At this point, use the command below to run the CSF script installer:
When your installation is completed, you need to stop and disable your firewalld with the commands below:
# systemctl stop firewalld # systemctl disable firewalld
Configure Config Server Firewall (CSF) on Centos 7
At this point, you need to edit the CSF configuration file to disable the default testing state.
Open the file with your favorite text editor, here we use vi:
At the file, find the line below and change its value to “0” as shown below:
TESTING = "0"
When you are done, save and close the file.
Here you can start and enable both CSF and LFD with the following commands:
# systemctl start csf # systemctl start lfd # systemctl enable csf # systemctl enable lfd
Verify that your CSF and LFD are active and running on Centos 7:
systemctl status csf
Output csf.service - ConfigServer Firewall & Security - csf Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: disabled) Active: active (exited) since Wed 2022-02-16 08:02:07 EST; 34s ago Main PID: 8914 (code=exited, status=0/SUCCESS) CGroup: /system.slice/csf.service
systemctl status lfd
Output lfd.service - ConfigServer Firewall & Security - lfd Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2022-02-16 08:02:14 EST; 19s ago Main PID: 9100 (lfd - sleeping) CGroup: /system.slice/lfd.service └─9100 lfd - sleeping
Now that you have enabled the CSF firewall on Centos 7, let’s see how to use the CSF firewall.
How To Use CSF firewall
At this point, you will learn some basic CSF usage.
To check the current firewall rules, you can use the following command:
Also, you can stop or reload them with the commands below:
# csf -f # csf -r
For example, to allow connections from 192.168.0.10, you can use the following command:
csf -a 192.168.0.10
Similarly, you can deny a connection with the command below:
csf -d 192.168.0.11
You can remove the above rules with the commands below:
# csf -ar 192.168.0.10 # csf -dr 192.168.0.11
At this point, you learn to use the -ar and -dr options to allow and deny rules associated with a given IP address.
As mentioned CSF firewall can be configured by editing its configuration file in /etc/csf/csf.conf.
You can limit your incoming connections to a safe number on a port basis. To do this, open the CSF configuration file on Centos 7 again and search for the CONNLIMIT.
You can specify multiple ports; connections pairs separated by commas. For example,
CONNLIMIT = "22;2,80;10"
All the configuration files of CSF are located under the /etc/csf directory.
- csf.conf: The main configuration file for controlling CSF.
- csf.allow: The list of allowed IPs and CIDR addresses on the firewall.
- csf.deny The list of denied IPs and CIDR addresses on the firewall.
- csf.ignore: The list of ignored IPs and CIDR addresses on the firewall.
- csf.*ignore: The list of various ignores files of users, IPs.
Just remember every time you modify these files, restart your CSF and LFD to apply the changes.
If you want to remove the CSF firewall completely, you can run the following command:
At this point, you learn to Install and Configure the CSF firewall on Centos 7 and some basic usage of it.
Hope you enjoy it.
May this article about Installing and Configuring CSF Firewall on AlmaLinux 8 be useful for you.