Christian WellsCSF (ConfigServer Firewall) is a widely used and free security firewall software specifically designed for Linux-based systems like Ubuntu. It simplifies the process of securing a server by allowing administrators to configure and manage iptables firewall rules. With CSF, it becomes easier to block or allow specific network traffic, set up rules for filtering incoming and outgoing traffic, monitor server logs, manage IP address blacklists, and perform various security checks to protect servers from potential attacks and threats.
In this guide, we will walk you through the step-by-step process of installing and configuring CSF Firewall on an Ubuntu 23.10 server. Before we begin, make sure you have root access to the system and that it is running Ubuntu 23.10. Let’s get started!
Step 1: Update the System
Before installing CSF Firewall, it is always a good practice to ensure that your system is up-to-date. You can update your Ubuntu server by running the following commands:
apt update -y apt upgrade -y
Step 2: Check for Existing Firewall Solutions
To avoid conflicts and complications, it is important to check if there are any other firewall tools or services already installed and running on your Ubuntu server. You can use the systemctl command to list the active services related to firewalls:
systemctl list-units --type=service | grep -E 'firewalld|ufw|'
If any of these services are listed as active, it means that a firewall is already running. In such cases, you should disable the current active firewall before proceeding with the installation of CSF.
For Disabling UFW (Uncomplicated Firewall):
If UFW is the active firewall on your Ubuntu server, you can disable it by running the following command:
ufw disable
For Disabling firewalld:
If your server uses firewalld as the firewall management tool, you can disable it using the following commands:
systemctl stop firewalld systemctl disable firewalld
Step 3: Install Required Packages
CSF requires some Perl modules to function correctly. You can install these required packages by running the following command:
apt install -y libwww-perl libcrypt-ssleay-perl libio-socket-ssl-perl
Step 4: Download and Install CSF
To install CSF on your Ubuntu server, you need to download the CSF package and then proceed with the installation. Follow the steps below:
- Download the CSF package using the
wgetcommand:
wget https://download.configserver.com/csf.tgz
- Extract the downloaded file:
tar -xzf csf.tgz
- Go to the CSF directory:
cd csf
- Run the installation script:
sh install.sh
Step 5: Verify the Availability of iptables Modules
After installing CSF, it is important to verify if the required iptables modules are available. You can do this by running the following command:
perl /usr/local/csf/bin/csftest.pl
If all the tests pass without any errors, it means that CSF should function correctly on your server.
Step 6: Configure CSF
Once CSF is installed, you can proceed to configure it according to your specific requirements. The main configuration file for CSF is located at /etc/csf/csf.conf. You can edit this file using a text editor like nano:
nano /etc/csf/csf.conf
In the csf.conf file, you can make various changes to set up your desired firewall rules and security settings. For example, you can allow incoming and outgoing TCP ports by adding the following lines to the file:
Allow incoming TCP ports:
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,853,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,8443"
Allow outgoing TCP ports:
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,853,873,993,995,2086,2087,2089,2703"
Feel free to modify other settings according to your needs. Once you have made the desired changes, save the file and exit the text editor.
Step 7: Start CSF
To start the CSF firewall and apply your configured rules, run the following command:
csf -r
This command will start CSF and load the new configuration.
Step 8: Enable CSF at Boot
To ensure that CSF starts automatically at boot, enable it using the following command:
systemctl enable csf
Congratulations! You have successfully installed and configured CSF Firewall on your Ubuntu 23.10 server. CSF will now help you secure your server by managing iptables firewall rules and protecting it from various types of attacks and threats.
Remember to periodically review and update your CSF configuration to adapt to changing security needs. Additionally, make sure to keep your Ubuntu server and CSF installation up-to-date by installing security updates and new releases.
For high-performance and reliable cloud hosting solutions, consider Shape.host’s Cloud VPS services. Shape.host provides scalable and secure cloud hosting solutions tailored to meet the needs of businesses of all sizes. With Shape.host, you can enjoy the benefits of a robust and secure hosting environment backed by exceptional customer support.
