How to Install CSF Firewall on Ubuntu 18.04


Config Server Firewall (CSF) is an open source firewall that can be used in most Linux based operating system to protect servers against unauthenticated users. CSF continuously monitor server's log file and notify login authentication failures SSH, SMTP, HTTP, IMAP, POP3, FTP and many protocols. CSF allows you to manually block and unblock specific IP address temporary or permanently (don’t fool around with the process of ). CSF provides web-based interface for cPanel, DirectAdmin and Webmin to manage firewall from web browser. CSF is very simple, easy to install, straightforward and supports a lot of Linux-based operating systems like, CentOS, Ubuntu, RedHat, OpenSUSE, Debian. CSF uses login failure daemon handle (LFD) that checks LFD logs at a regular time interval, find failed login attempts and block them immediately. This wikiHow will show you how to install CSF Firewall.

Part 1

 on How to Install CSF Firewall on Ubuntu 18.04

1
You can update it with the following command:

 on How to Install CSF Firewall on Ubuntu 18.04

2
apt-get update -y apt-get upgrade -y

 on How to Install CSF Firewall on Ubuntu 18.04

3
Do this once the updating process has been completed.

 on How to Install CSF Firewall on Ubuntu 18.04

4
You can download it with the following command:

 on How to Install CSF Firewall on Ubuntu 18.04

5
wget

 on How to Install CSF Firewall on Ubuntu 18.04

6

 on How to Install CSF Firewall on Ubuntu 18.04

7
tar -zxvf csf.tgz

 on How to Install CSF Firewall on Ubuntu 18.04

8

 on How to Install CSF Firewall on Ubuntu 18.04

9
cd csf sh install.sh

 on How to Install CSF Firewall on Ubuntu 18.04

10

 on How to Install CSF Firewall on Ubuntu 18.04

11
Created symlink /etc/systemd/system/firewalld.service → /dev/null. 'csf/LICENSE.txt' -> 'webmin/csf/images/LICENSE.txt' 'csf/bootstrap/js/bootstrap.min.js' -> 'webmin/csf/images/bootstrap/js/bootstrap.min.js' 'csf/bootstrap/css/bootstrap.min.css.map' -> 'webmin/csf/images/bootstrap/css/bootstrap.min.css.map' 'csf/bootstrap/css/bootstrap.min.css' -> 'webmin/csf/images/bootstrap/css/bootstrap.min.css' 'csf/bootstrap/fonts/glyphicons-halflings-regular.eot' -> 'webmin/csf/images/bootstrap/fonts/glyphicons-halflings-regular.eot' 'csf/bootstrap/fonts/glyphicons-halflings-regular.woff2' -> 'webmin/csf/images/bootstrap/fonts/glyphicons-halflings-regular.woff2' 'csf/bootstrap/fonts/glyphicons-halflings-regular.svg' -> 'webmin/csf/images/bootstrap/fonts/glyphicons-halflings-regular.svg' 'csf/bootstrap/fonts/glyphicons-halflings-regular.ttf' -> 'webmin/csf/images/bootstrap/fonts/glyphicons-halflings-regular.ttf' 'csf/bootstrap/fonts/glyphicons-halflings-regular.woff' -> 'webmin/csf/images/bootstrap/fonts/glyphicons-halflings-regular.woff' 'csf/bootstrap-chosen.css' -> 'webmin/csf/images/bootstrap-chosen.css' 'csf/chosen-sprite.png' -> 'webmin/csf/images/chosen-sprite.png' 'csf/chosen-sp[email protected]' -> 'webmin/csf/images/[email protected]' 'csf/chosen.min.css' -> 'webmin/csf/images/chosen.min.css' 'csf/chosen.min.js' -> 'webmin/csf/images/chosen.min.js' 'csf/configserver.css' -> 'webmin/csf/images/configserver.css' 'csf/csf-loader.gif' -> 'webmin/csf/images/csf-loader.gif' 'csf/csf.svg' -> 'webmin/csf/images/csf.svg' 'csf/csf_small.png' -> 'webmin/csf/images/csf_small.png' 'csf/jquery.min.js' -> 'webmin/csf/images/jquery.min.js' 'csf/loader.gif' -> 'webmin/csf/images/loader.gif' '/etc/csf/csfwebmin.tgz' -> '/usr/local/csf/csfwebmin.tgz' Installation Completed

 on How to Install CSF Firewall on Ubuntu 18.04

12
You can check it with the following command:

 on How to Install CSF Firewall on Ubuntu 18.04

13
perl /usr/local/csf/bin/csftest.pl

 on How to Install CSF Firewall on Ubuntu 18.04

14

 on How to Install CSF Firewall on Ubuntu 18.04

15
Testing ip_tables/iptable_filter...OK Testing ipt_LOG...OK Testing ipt_multiport/xt_multiport...OK Testing ipt_REJECT...OK Testing ipt_state/xt_state...OK Testing ipt_limit/xt_limit...OK Testing ipt_recent...OK Testing xt_connlimit...OK Testing ipt_owner/xt_owner...OK Testing iptable_nat/ipt_REDIRECT...OK Testing iptable_nat/ipt_DNAT...OK RESULT: csf should function on this server

 on How to Install CSF Firewall on Ubuntu 18.04

16
The default CSF configuration file is located at /etc/csf directory. You can configure the required parameters for CSF with the following command:

 on How to Install CSF Firewall on Ubuntu 18.04

17
nano /etc/csf/csf.conf

 on How to Install CSF Firewall on Ubuntu 18.04

18

 on How to Install CSF Firewall on Ubuntu 18.04

19
#For testing environment the value should be TESTING = "1" and for production environment, the value should be TESTING = "0". TESTING = "0"

 on How to Install CSF Firewall on Ubuntu 18.04

20
UDP_OUT = "20,21,53,113,123"

 on How to Install CSF Firewall on Ubuntu 18.04

21
Then, start the CSF firewall with the following command:

 on How to Install CSF Firewall on Ubuntu 18.04

22
systemctl start csf

 on How to Install CSF Firewall on Ubuntu 18.04

23

 on How to Install CSF Firewall on Ubuntu 18.04

24
systemctl status csf

 on How to Install CSF Firewall on Ubuntu 18.04

25

 on How to Install CSF Firewall on Ubuntu 18.04

26
● csf.service - ConfigServer Firewall & Security - csf Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: enabled) Active: active (exited) since Wed 2019-07-03 06:22:01 UTC; 3s ago Process: 2618 ExecStart=/usr/sbin/csf --initup (code=exited, status=0/SUCCESS) Main PID: 2618 (code=exited, status=0/SUCCESS) Jul 03 06:22:01 ubuntu1804 csf[2618]: ACCEPT all opt in * out lo ::/0 -> ::/0 Jul 03 06:22:01 ubuntu1804 csf[2618]: LOGDROPOUT all opt in * out !lo ::/0 -> ::/0 Jul 03 06:22:01 ubuntu1804 csf[2618]: LOGDROPIN all opt in !lo out * ::/0 -> ::/0 Jul 03 06:22:01 ubuntu1804 csf[2618]: csf: FASTSTART loading DNS (IPv4) Jul 03 06:22:01 ubuntu1804 csf[2618]: csf: FASTSTART loading DNS (IPv6) Jul 03 06:22:01 ubuntu1804 csf[2618]: LOCALOUTPUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 Jul 03 06:22:01 ubuntu1804 csf[2618]: LOCALINPUT all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 Jul 03 06:22:01 ubuntu1804 csf[2618]: LOCALOUTPUT all opt in * out !lo ::/0 -> ::/0 Jul 03 06:22:01 ubuntu1804 csf[2618]: LOCALINPUT all opt in !lo out * ::/0 -> ::/0 Jul 03 06:22:01 ubuntu1804 systemd[1]: Started ConfigServer Firewall & Security - csf.

 on How to Install CSF Firewall on Ubuntu 18.04

27

 on How to Install CSF Firewall on Ubuntu 18.04

28
csf -s csf -r

 on How to Install CSF Firewall on Ubuntu 18.04

29
CSF also provides web-based interface for managing the firewall from the web interface. In order to enable CSF Web Interface, you will need to install some Perl modules to your system. You can install all the required modules with the following command:

 on How to Install CSF Firewall on Ubuntu 18.04

30
apt-get install libio-socket-ssl-perl libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl libcrypt-ssleay-perl -y

 on How to Install CSF Firewall on Ubuntu 18.04

31
conf file. You can do it with the following command:

 on How to Install CSF Firewall on Ubuntu 18.04

32
nano /etc/csf/csf.conf

 on How to Install CSF Firewall on Ubuntu 18.04

33

 on How to Install CSF Firewall on Ubuntu 18.04

34
RESTRICT_UI = "1" UI = "1" UI_PORT = "8080" UI_IP = "" UI_USER = "admin" UI_PASS = "[email protected]

 on How to Install CSF Firewall on Ubuntu 18.04

35
UI_ALLOW = "1"

 on How to Install CSF Firewall on Ubuntu 18.04

36
Then, allow access to your IP address with the following command:

 on How to Install CSF Firewall on Ubuntu 18.04

37
nano /etc/csf/ui/ui.allow

 on How to Install CSF Firewall on Ubuntu 18.04

38

 on How to Install CSF Firewall on Ubuntu 18.04

39
192.168.0.4

 on How to Install CSF Firewall on Ubuntu 18.04

40
Then, restart LFD service to apply these changes:

 on How to Install CSF Firewall on Ubuntu 18.04

41
service lfd restart

 on How to Install CSF Firewall on Ubuntu 18.04

42

 on How to Install CSF Firewall on Ubuntu 18.04

43
service lfd status

 on How to Install CSF Firewall on Ubuntu 18.04

44

 on How to Install CSF Firewall on Ubuntu 18.04

45
● lfd.service - ConfigServer Firewall & Security - lfd Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2019-07-03 06:26:13 UTC; 3s ago Process: 3291 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS) Main PID: 3318 (lfd - sleeping) Tasks: 4 (limit: 1114) CGroup: /system.slice/lfd.service ├─3318 lfd - sleeping ├─3329 lfd - checking system integrity ├─3331 sh -c /usr/bin/md5sum /usr/bin/* /usr/sbin/* /bin/* /sbin/* /usr/local/bin/* /usr/local/sbin/* /etc/init.d/* /etc/xinetd.d/* └─3332 /usr/bin/md5sum /usr/bin/NF /usr/bin/VGAuthService /usr/bin/[ /usr/bin/aa-enabled /usr/bin/aa-exec /usr/bin/acpi_listen /usr/ Jul 03 06:26:12 ubuntu1804 systemd[1]: Starting ConfigServer Firewall & Security - lfd... Jul 03 06:26:13 ubuntu1804 systemd[1]: Started ConfigServer Firewall & Security - lfd.

 on How to Install CSF Firewall on Ubuntu 18.04

46
Open your web browser and type the URL . You will be redirected to a new page.

 on How to Install CSF Firewall on Ubuntu 18.04

47
You should see the CSF default dashboard. You should see the following page: From here, you can allow, deny and unblock specific IP addresses quickly. You can also Search IPs, Allow IPs, Deny IPs, Restart Firewall, Enable Firewall and Temporary allow/deny IPs.