How To Install Sentinel Firewall On RockyLinux 9

How to Install Sentinel Firewall (CSF) on Rocky Linux 9

Sentinel Firewall (CSF + LFD) is a lightweight and feature-rich firewall management tool for Linux servers. It provides login failure detection, port scanning protection, and IP blocking, making it a robust security solution for Rocky Linux systems.

Switch to root (or use sudo)

sudo -s

Update your system

dnf update -y

Install prerequisites

dnf install -y wget tar perl

Download the Sentinel (CSF) package

cd /root
wget https://github.com/sentinelfirewall/sentinel/raw/refs/heads/main/csf.tgz

Extract the package

tar -xzf csf.tgz

Enter the extracted directory

cd csf

Run the installation script

sh install.sh

Post-Installation Configuration

After installation, follow these configuration steps to properly set up and enable Sentinel (CSF).

Edit the main configuration file

vi /etc/csf/csf.conf

Important parameters to configure

Setting	Description	Recommended
TESTING = "1"	CSF testing mode. Change to “0” to enable.	`0`
TCP_IN	Allowed inbound TCP ports.	`22,80,443,25,110,143,465,587,993,995`
TCP_OUT	Allowed outbound TCP ports.	`20,21,22,25,53,80,443,587,993,995`
UDP_IN / UDP_OUT	Allowed UDP ports (DNS, NTP, etc.).	`53,123`
ICMP_IN	Allow ping.	Optional
RESTRICT_SYSLOG	Restrict log access.	Default
LF_TRIGGER / LF_SSHD	Brute force thresholds.	Default

Save and exit (Ctrl + O, Ctrl + X).

Whitelist or Block Specific IPs

Whitelist your IP to avoid being locked out:

echo "203.0.113.5" >> /etc/csf/csf.allow

Block a known malicious IP:

echo "192.0.2.10" >> /etc/csf/csf.deny

Enable and Start the Firewall Services

systemctl enable csf
systemctl start csf
systemctl status csf

Then, enable and start lfd (Login Failure Daemon):

systemctl enable lfd
systemctl start lfd
systemctl status lfd

Disable Firewalld (to avoid conflicts)

systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld

Handle SELinux (if enforcing)

Check SELinux status:

sestatus

If enabled and enforcing, allow CSF rules:

dnf install -y policycoreutils-python-utils
ausearch -m avc -ts recent
audit2allow -a -M csf_custom
semodule -i csf_custom.pp

Test Configuration and Reboot

Reboot the system:

reboot

After reboot, verify CSF:

csf -v
csf -l

Optional Commands

Whitelist your IP if blocked:

csf -a <your_ip>

View logs:

tail -f /var/log/lfd.log
tail -f /var/log/messages

✅ Sentinel Firewall (CSF) is now installed and configured successfully on Rocky Linux 9.

In this guide,

CrownCloud

Get a SSD powered KVM VPS at $4.5/month!

1 GB RAM / 25 GB SSD / 1 CPU Core / 1 TB Bandwidth per month

Use Code:

WELCOME

for 10% off!

Get Started Now!

CrownCloud - Get a SSD powered KVM VPS at $4.5/month!

Use the code `WELCOME` for 10% off!

1 GB RAM / 25 GB SSD / 1 CPU Core / 1 TB Bandwidth per month

Available Locations: LAX | MIA | ATL | FRA | AMS

Get Started Now!

In this guide,

CrownCloud

Get a SSD powered KVM VPS at $4.5/month!

Use Code: WELCOME for 10% off!

CrownCloud - Get a SSD powered KVM VPS at $4.5/month!

Use the code WELCOME for 10% off!

Use Code:

WELCOME
for 10% off!

Use the code `WELCOME` for 10% off!