Hello,
In this week’s feature highlight, we look at How to Install CSF on Ubuntu 23.10
ConfigServer Firewall, commonly known as CSF, is a popular and free security firewall software for Linux-based systems, including Ubuntu. CSF helps administrators configure and manage the iptables firewall rules, making it easier to secure a server by allowing or blocking specific network traffic. CSF provides features such as connection tracking, set up rules for filtering incoming and outgoing network traffic. It also includes tools for monitoring server logs, managing IP address blacklists, and various security checks to help protect servers from various types of attacks and threats.
Pre-requisites
- A system with Ubuntu 23.10 installed and running.
- root access to the system.
Update the System
Run the below command to ensure your system is up-to-date,
apt update -y
apt upgrade -y
Before installing ConfigServer Firewall (CSF) on your Ubuntu server, it’s a good idea to check if there are any other firewall tools or services already installed and running, as running multiple firewall solutions concurrently can lead to conflicts and complications.
You can check for running firewall-related services using the systemctl
command. Specifically, you can look for services related to firewalls, such as UFW (Uncomplicated Firewall) or iptables. Use the following command:
systemctl list-units --type=service | grep -E 'firewalld|ufw|'
This command will list services with names containing firewalld
or ufw
. If any of these services are listed as active, it means a firewall is running. You can disable the current active firewall on your Ubuntu server by the following command:
For Disabling UFW (Uncomplicated Firewall)
If UFW is the active firewall on your Ubuntu server, you can disable it with the following commands:
ufw disable
For Disabling firewalld
If your server uses firewalld as the firewall management tool, you can disable it using the following commands:
systemctl stop firewalld
systemctl disable firewalld
Install required packages
CSF requires some Perl modules to work correctly. Install them using the following command,
apt install -y libwww-perl libcrypt-ssleay-perl libio-socket-ssl-perl
Download and Installation of CSF
To install CSF, you can use the following commands:
wget https://download.configserver.com/csf.tgz
Extract downloaded file using the following command:
tar -xzf csf.tgz
Go to CSF directory and run the following command to Install CSF:
cd csf
sh install.sh
The firewall is now installed, but you should check if the required iptables modules are available. To verify it you can run the following command:
perl /usr/local/csf/bin/csftest.pl
OutPut:
root@vps:~/csf# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server
root@vps:~/csf#
Configure CSF
After installation, you can edit the CSF configuration file to set your desired firewall rules and security settings. The main configuration file is typically located at /etc/csf/csf.conf
. You can modify or edit this file using the following command:
nano /etc/csf/csf.conf
In this file, you can make any changes like, Allow incoming TCP ports, Allow outgoing TCP ports, etc.
For Example, To allow incoming/outgoing ports, you can add the following line in csf.conf
file.
Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,853,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,8443"
Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,853,873,993,995,2086,2087,2089,2703"
Make your desired changes, then save and exit the text editor.
Start CSF
To start the CSF firewall and apply your configured rules, run the following command:
csf -r
Enable CSF at Boot
CSF starts at boot by enabling it using the following command:
systemctl enable csf
That’s it! You have now installed and configured CSF on Ubuntu 23.10