Install and Configure CSF Firewall on Ubuntu 20.04

Install and Configure CSF Firewall on Ubuntu 20.04

In this article, we want to teach you to Install and Configure CSF Firewall on Ubuntu 20.04.

ConfigServer Security & Firewall (CSF) is a popular VPS security tool for Linux. It provides a simple interface for iptables to protect Linux servers. CSF comes with multiple features: a stateful packet inspection firewall (SPI), intrusion detection, a login failure daemon, DDOS protection, and control panel integration.

what you read in this post?

Install and Configure CSF Firewall on Ubuntu 20.04

Before you start to complete this guide, you need to log in to your server as a non-root user with sudo privileges. To do this, you can follow our article the Initial Server Setup with Ubuntu 20.04.

Now follow the steps below to install the CSF firewall on Ubuntu 20.04.

Set up CSF Firewall on Ubuntu 20.04

First, you need to update your local package index with the following command:

sudo apt update

Then, install the required packages and dependencies with the following command:

sudo apt installperl zip unzip libwww-perl liblwp-protocol-https-perlsendmail-bin

Also, remember to remove the UFW firewall on Ubuntu 20.04 with the command below:

sudo apt remove ufw

By default, the CSF packages are not available in the default Ubuntu repository. So you need to download it from its official website on your server with the following command:

# cd /usr/src
# sudo wget http://download.configserver.com/csf.tgz

Next, extract your downloaded file:

sudo tar -xvzf csf.tgz

Now switch to your CSF directory and run the CSF installer script on Ubuntu 20.04 with the commands below:

# cd csf
#sh install.sh

Verify the required iptables modules for CSF are available with the command below:

sudo perl /usr/local/csf/bin/csftest.pl

In your output you will see:

Output
RESULT: csf should function on this server

You can verify your CSF installation by checking its version:

csf -v

Configure CSF Firewall on Ubuntu 20.04

As you know, CSF runs in testing mode. So you need to edit the CSF configuration file and disable the testing mode.

Open the CSF configuration file with your favorite text editor, here we use vi:

sudo vi /etc/csf/csf.conf

Find the line below and change its value to “0” as shown below:

TESTING = "0"

When you are done, save and close the file.

Stop and reload the CSF firewall with the following command:

csf -ra

Manage CSF Firewall

You can start the CSF service on your server by:

csf -s

To stop the CSF service on Ubuntu 20.04, use the command below:

csf -f

And to restart the CSF, you can use the command below:

csf -ra

Note: Remember to restart the CSF firewall every time you make changes on the CSF configuration file.

Also, you can allow or deny an IP address from the CLI.

Use the –d option to deny an IP address. For example:

csf -d 192.0.2.123

And use the -a option to allow an IP. For example:

csf -a 192.0.2.123

To remove IP from the allow list, you can use the following command:

csf -ar 192.0.2.123

Also, to remove IP from the deny list, you can run the command below:

csf -dr 192.0.2.123

To allow an incoming or outgoing port, you can edit the CSF configuration file on Ubuntu 20.04.

sudo vi /etc/csf/csf.conf

Locate the lines below and add or remove your desired ports:

# Allow incoming TCP ports
TCP_IN = 20,21,22,25,26,53,80,110,143,443,465,587,993,995,2077”

# Allow outgoing TCP ports
TCP_OUT = 20,21,22,25,26,37,43,53,80,110,113,443,465,873,2087”

When you are done, save and close the file.

Restart CSF for the changes to take effect.

# csf -ra

Conclusion

At this point, you learn to Install and Configure CSF Firewall on Ubuntu 20.04.

Hope you enjoy it.

Tags

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Related Posts

Stay informed and not overwhelmed, subscribe now!