In this Tutorial, we want to teach you How To Set up CSF Firewall on Rocky Linux 8.
ConfigServer Firewall (CSF) is a Firewall software installed on your server to keep it secure. It provides an advanced and easy-to-use web-based interface to manage firewall settings. You can also manage your firewall settings/configuration via the Secure Shell.
With this firewall service, you can:
- Control traffic flowing into your server space.
- Prevent DDoS attacks.
- Track network connections.
ConfigServer Firewall comes with a child service called Login Failure Daemon (LFD). This service watches the activity of the users configured on the server for excessive login failures. That behavior is commonly seen during brute force attacks.
How To Set up CSF Firewall on Rocky Linux 8
To install CSF on Rocky Linux 8, you need to log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide the Initial Server Setup with Rocky Linux 8.
Now you can follow the steps below to install the CSF firewall on your server.
Install CSF on Rocky Linux 8
First, you need to update your local package index with the command below:
sudo dnf update -y
Then, you need to install some dependencies on your Rocky Linux 8 with the following command:
sudo dnf install perl-libwww-perl perl-Math-BigInt wget -y
Next, switch to your src directory:
At this point, use the wget command to download the CSF installer script on Rocky Linux 8:
sudo wget https://download.configserver.com/csf.tgz
Extract your downloaded file:
sudo tar xzf csf.tgz
Move to your CSF directory:
Finally, run the CSF installer script with the following command:
sudo sh install.sh
When your installation is completed, test that you have required iptables modules:
sudo perl /usr/local/csf/bin/csftest.pl
In your output you will see:
Output Testing ip_tables/iptable_filter...OK Testing ipt_LOG...OK Testing ipt_multiport/xt_multiport...OK Testing ipt_REJECT...OK Testing ipt_state/xt_state...OK Testing ipt_limit/xt_limit...OK Testing ipt_recent...OK Testing xt_connlimit...OK Testing ipt_owner/xt_owner...OK Testing iptable_nat/ipt_REDIRECT...OK Testing iptable_nat/ipt_DNAT...OK RESULT: csf should function on this server
Configure CSF on Rocky Linux 8
At this point, that you have CSF installed on your server, you need to edit the CSF configuration file.
Open the file with your favorite text editor, here we use vi:
sudo vi /etc/csf/csf.conf
Find the Testing line and change its value to 0.
TESTING = "0"
When you are done, save and close the file.
Now use the following commands to start and enable the CSF and LFD on Rocky Linux 8:
#sudo systemctl restart csf && sudo systemctl restart lfd #sudo systemctl enable csf && sudo systemctl enable lfd
Verify that your CSF and LFD are active and running on your server with the commands below:
sudo systemctl status csf && sudo systemctl status lfd
Output csf.service - ConfigServer Firewall & Security - csf Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset:> Active: active (exited) since Wed 2022-01-26 08:27:52 EST; 19s ago Main PID: 91673 (code=exited, status=0/SUCCESS) Tasks: 0 (limit: 11409) Memory: 0B CGroup: /system.slice/csf.service
Output lfd.service - ConfigServer Firewall & Security - lfd Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset:> Active: active (running) since Wed 2022-01-26 08:27:53 EST; 37s ago Main PID: 91861 (lfd - sleeping) Tasks: 1 (limit: 11409) Memory: 118.8M CGroup: /system.slice/lfd.service └─91861 lfd - sleeping
You can check your CSF firewall version on Rocky Linux 8 with the command below:
Output csf: v14.15 (generic)
If you want to allow the incoming connection from an IP address, you can use the following syntax:
csf -a [IP Address]
Otherwise, if you want to deny the incoming connection from an IP address, you can use the following syntax:
csf -d [IP Address]
Also, if you want to uninstall the CSF firewall from your Rocky Linux 8, you can use the following command:
# cd /etc/csf # sh uninstall.sh
CSF is able to recognize many attacks, such as port scans, SYN floods, and login brute force attacks on many services. It is configured to temporarily block clients who are detected to be attacking the cloud server.
At this point, you learn to set up and configure the CSF firewall on Rocky Linux 8.
Hope you enjoy it.