CSF Firewall setup:
CSF is a very popular firewall. It comes with many prebuilt features, and in most cases a simple installation
will protect the server from many known issues. See http://configserver.com/cp/csf.html for all the options and features.
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
By default, the following ports are open:
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
TCP_OUT = "20,21,22,25,53,80,110,113,443"
UDP_IN = "20,21,53"
UDP_OUT = "20,21,53,113,123"
We can remove or add any port as required. Some important ports to consider:
10000 // webmin default port
2087,2083,2086 // cpanel ports
26 // some servers use 26 for the outgoing mail server to bypass ISP limitations
So, based on your requirements, add the necessary ports.
To edit the ports, open the configuration file in any editor, such as vim:
vi /etc/csf/csf.conf
Don't forget to restart afterwards:
service csf restart
Blocking predefined IPs:
vi /etc/csf/csf.deny
126.96.36.199
188.8.131.52/16
Allowing predefined IPs:
vi /etc/csf/csf.allow
Edit the files above as required to deny or allow predefined IPs.
Each line holds either a single IP or a range, as shown above.
Once all the settings are done, we can switch from testing mode to live mode by
setting TESTING = "0" and restarting csf:
service csf restart
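A check to run before going live, covering the two settings discussed above: whether testing mode is still on and whether TCP_IN opens more than the server needs. This is an added example, not part of the original page or of CSF itself; the function names, the needed-port list "22,80,443" and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a csf.conf before going live.

# conf_value FILE KEY: print the value of a KEY = "value" line (last one wins).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# extra_ports FILE KEY NEEDED: print ports listed in KEY that are not in the
# comma-separated NEEDED list. Entries are compared as plain strings.
extra_ports() {
    open=$(conf_value "$1" "$2")
    extra=""
    old_ifs=$IFS
    IFS=,
    for p in $open; do
        case ",$3," in
            *",$p,"*) ;;                          # port is on the needed list
            *) extra="${extra:+$extra,}$p" ;;     # open but not needed
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$extra"
}

# audit_csf FILE NEEDED_TCP_IN: print findings; return 1 if there are any.
audit_csf() {
    rc=0
    # A missing TESTING line is reported too, since live mode cannot be confirmed.
    if [ "$(conf_value "$1" TESTING)" != "0" ]; then
        echo "TESTING is not \"0\": firewall is not confirmed to be in live mode"
        rc=1
    fi
    unneeded=$(extra_ports "$1" TCP_IN "$2")
    if [ -n "$unneeded" ]; then
        echo "TCP_IN opens ports that are not on the needed list: $unneeded"
        rc=1
    fi
    return $rc
}

# Constructed sample: the default TCP_IN from this page, testing mode still on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TESTING = "1"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
EOF
# Assumed requirement for illustration: only SSH and web traffic inbound.
audit_csf "$sample" "22,80,443" || true
rm -f "$sample"
```

On a real server, point audit_csf at /etc/csf/csf.conf and pass the ports the server actually needs.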
CSF comes with many command-line options. Simply typing csf on the command line shows all the available
commands, but some frequently used ones are:
csf -d <ip address to block>
csf -a <ip address to allow / unblock>
csf -r // reload rules