ConfigServer Firewall, commonly known as CSF, is a popular and free firewall for Linux-based systems, including Ubuntu. CSF helps administrators configure and manage iptables firewall rules, making it easier to secure a server by allowing or blocking specific network traffic. CSF provides features such as connection tracking and rules for filtering incoming and outgoing network traffic. It also includes tools for monitoring server logs, managing IP address blacklists, and running security checks that help protect servers from various types of attacks and threats.
- A system with Ubuntu 23.10 installed and running.
- root access to the system.
Run the commands below to ensure your system is up to date:
apt update -y
apt upgrade -y
Before installing ConfigServer Firewall (CSF) on your Ubuntu server, it's a good idea to check if there are any other firewall tools or services already installed and running, as running multiple firewall solutions concurrently can lead to conflicts and complications.
You can check for running firewall-related services using the systemctl command. Specifically, you can look for services related to firewalls, such as UFW (Uncomplicated Firewall) or iptables. Use the following command:
systemctl list-units --type=service | grep -E 'firewalld|ufw'
This command lists services with names containing firewalld or ufw. If any of these services are listed as active, a firewall is running. You can disable the currently active firewall on your Ubuntu server as follows.
If UFW is the active firewall on your Ubuntu server, you can disable it with the following commands:
If your server uses firewalld as the firewall management tool, you can disable it using the following commands:
systemctl stop firewalld
systemctl disable firewalld
CSF requires some Perl modules to work correctly. Install them using the following command:
apt install -y libwww-perl libcrypt-ssleay-perl libio-socket-ssl-perl
To install CSF, you can use the following commands:
Extract downloaded file using the following command:
tar -xzf csf.tgz
Go to the csf directory and run the following commands to install CSF:
cd csf
sh install.sh
The firewall is now installed, but you should check if the required iptables modules are available. To verify it you can run the following command:
root@vps:~/csf# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server
root@vps:~/csf#
After installation, you can edit the CSF configuration file to set your desired firewall rules and security settings. The main configuration file is typically located at /etc/csf/csf.conf. You can modify or edit this file using the following command:
In this file, you can make changes such as setting the allowed incoming TCP ports and the allowed outgoing TCP ports.
For example, to allow incoming and outgoing ports, set the following lines in the file:
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,853,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,8443"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,853,873,993,995,2086,2087,2089,2703"
Make your desired changes, then save and exit the text editor.
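The sample TCP_IN list above opens many inbound ports that a given server may not actually serve. As an added example (not part of the original tutorial or of CSF itself), the shell functions below list TCP_IN entries that no listening service uses; the function names and the 30000:30010 range in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of CSF): report TCP_IN entries in csf.conf that no
# listening service uses, so the inbound allow-list can be trimmed.

# csf_ports FILE KEY: print each port or lo:hi range of KEY = "..." per line.
csf_ports() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" |
        tr -d ' ' | tr ',' '\n' | sed '/^$/d'
}

# unused_in_ports FILE "PORT PORT ...": TCP_IN entries with no listener in range.
unused_in_ports() {
    csf_ports "$1" TCP_IN | while read -r entry; do
        lo=${entry%%:*}   # a single port gives lo == hi
        hi=${entry##*:}
        used=0
        for p in $2; do
            if [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ]; then used=1; fi
        done
        if [ "$used" -eq 0 ]; then echo "$entry"; fi
    done
}

# listening_ports: TCP ports with a listener on this host (needs iproute2 ss).
listening_ports() {
    ss -Htln | awk '{print $4}' | sed 's/.*://' | sort -un | tr '\n' ' '
}

# Constructed sample: the TCP_IN line from this page plus one made-up range.
sample_conf() {
    cat <<'EOF'
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,853,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,8443,30000:30010"
EOF
}

# Demo on the sample, assuming only SSH, HTTP and HTTPS are listening.
# On a real server: unused_in_ports /etc/csf/csf.conf "$(listening_ports)"
demo() {
    tmp=$(mktemp) && sample_conf > "$tmp"
    unused_in_ports "$tmp" "22 80 443"
    rm -f "$tmp"
}
demo
```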
To start the CSF firewall and apply your configured rules, run the following command:
To make CSF start at boot, enable it using the following command:
systemctl enable csf
That's it! You have now installed and configured CSF on Ubuntu 23.10.