Update the System

Before starting, update the server:

apt-get update -y

apt-get upgrade -y

Install CSF

Step 1: Download CSF

You can download CSF from the URL below:

wget http://download.configserver.com/csf.tgz

The file is saved in your current working directory. You can download it to any other directory if you prefer.

After the download, extract the CSF archive:

tar -xzf csf.tgz

Change into the csf directory:

cd csf

Run the CSF installation script to install CSF:

sh install.sh

The firewall is now installed, but we need to check whether the installation succeeded:

perl /usr/local/csf/bin/csftest.pl

If the output looks like the screenshot below, CSF was installed successfully and will work on the server.

Step 2: Configure CSF

(i) The default configuration file of CSF is csf.conf, which is located in the /etc/csf directory (/etc/csf/csf.conf):

cat /etc/csf/csf.conf

(ii) Run the following command to enable CSF

csf -e

(iii) Run the following command to start CSF

csf -s

(iv) Run the following command to stop CSF

csf -f

(v) Run the following command to reload CSF

csf -r

(vi) Run the following command to list the current CSF rules

csf -l

CSF is currently enabled in testing mode, so we need to turn testing mode off by changing the CSF configuration file.

vi /etc/csf/csf.conf

Change TESTING = "1" to TESTING = "0" to enable the firewall.

Step 3: Allow TCP_IN, TCP_OUT, UDP_IN and UDP_OUT (incoming and outgoing ports) in CSF

Allow TCP_IN Port

To allow a custom TCP_IN port in CSF, open the CSF configuration file and add the port to the TCP_IN line (see the screenshot for reference):

vi /etc/csf/csf.conf

For example, to open port 11 in CSF:

Save and exit the CSF configuration file, then reload the CSF firewall with the following command:

:wq

csf -r

Allow TCP_OUT Port

To allow a custom TCP_OUT port in CSF, open the CSF configuration file and add the port to the TCP_OUT line (see the screenshot for reference):

vi /etc/csf/csf.conf

For example, add port 55 in the CSF configuration file.

Save and exit the CSF configuration file, then reload the CSF firewall with the following command:

:wq

csf -r

Allow UDP_IN Port

To allow a custom UDP_IN port in CSF, open the CSF configuration file and add the port to the UDP_IN line (see the screenshot for reference):

For example, add port 44 in the CSF configuration file.

Save and exit the CSF configuration file, then reload the CSF firewall with the following command:

:wq

csf -r

Allow UDP_OUT Port

To allow a custom UDP_OUT port in CSF, open the CSF configuration file and add the port to the UDP_OUT line (see the screenshot for reference):

For example, add port 77 in the CSF configuration file.

Save and exit the CSF configuration file, then reload the CSF firewall with the following command:

:wq

csf -r
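
The Step 2 and Step 3 edits can also be made without an editor. The script below is an added example, not part of the original tutorial or of CSF: the helper function names are hypothetical and it runs against a constructed sample file rather than the real /etc/csf/csf.conf. It adds a port to a list only if it is not already covered, and refuses to switch testing mode off unless the SSH port is present in TCP_IN, since a missing SSH port would lock you out of the server.

```shell
#!/bin/sh
# Added example: helper names and the sample file are assumptions, not part of CSF.

# Print the quoted value of KEY from a csf.conf-style file.
csf_get() {  # usage: csf_get FILE KEY
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Replace the quoted value of KEY, keeping the file's owner and mode.
csf_set() {  # usage: csf_set FILE KEY VALUE
    tmp=$(mktemp) || return 1
    sed "s/^\($2[[:space:]]*=[[:space:]]*\)\"[^\"]*\"/\1\"$3\"/" "$1" > "$tmp" &&
        cat "$tmp" > "$1"; rc=$?
    rm -f "$tmp"; return "$rc"
}

# Succeed if PORT is listed in KEY, on its own or inside a range (low:high).
csf_has_port() {  # usage: csf_has_port FILE KEY PORT
    for item in $(csf_get "$1" "$2" | tr ',' ' '); do
        case "$item" in
            *:*) [ "$3" -ge "${item%%:*}" ] && [ "$3" -le "${item##*:}" ] && return 0 ;;
            *)   [ "$item" = "$3" ] && return 0 ;;
        esac
    done
    return 1
}

# Append PORT to KEY unless it is already allowed.
csf_add_port() {  # usage: csf_add_port FILE KEY PORT
    case "$3" in ''|*[!0-9]*) echo "invalid port: $3" >&2; return 2 ;; esac
    csf_has_port "$1" "$2" "$3" && return 0
    cur=$(csf_get "$1" "$2")
    csf_set "$1" "$2" "${cur:+$cur,}$3"
}

# Set TESTING to 0 only if the SSH port stays reachable through TCP_IN.
csf_disable_testing() {  # usage: csf_disable_testing FILE SSH_PORT
    if ! csf_has_port "$1" TCP_IN "$2"; then
        echo "refusing: port $2 is not in TCP_IN" >&2; return 1
    fi
    csf_set "$1" TESTING 0
}

# Constructed sample standing in for /etc/csf/csf.conf.
sample=$(mktemp)
printf '%s\n' 'TESTING = "1"' 'TCP_IN = "22,80,443,30000:35000"' 'UDP_IN = "53"' > "$sample"
csf_add_port "$sample" TCP_IN 11    # port 11 is the page's TCP_IN example
csf_disable_testing "$sample" 22
cat "$sample"; rm -f "$sample"
```

On a server, pass /etc/csf/csf.conf as the file argument and run csf -r afterwards so the change takes effect.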

Step 4: Blocking and Allowing IP Addresses

Blocking IP addresses

To block an IP address through the CSF firewall, open CSF's csf.deny file.

vi /etc/csf/csf.deny

Enter the IP address or address range that you want to block from accessing your server, for example:

2.3.5.4

5.4.0.0/16

Save and exit the file, then reload the CSF firewall with the following command:

:wq

csf -r

Allowing IP addresses

To allow an IP address through the CSF firewall, open CSF's csf.allow file.

vi /etc/csf/csf.allow

Enter the IP address or address range that you want to allow to access your server, for example:

2.3.5.4

5.4.0.0/16

Save and exit the file, then reload the CSF firewall with the following command:

:wq

csf -r

Thank you.