CSF stands for ConfigServer Security & Firewall. This very powerful and free CSF software firewall has been released and made available to the public by the Way to the Web team. This firewall is for Linux-based distributions. The CSF interface is integrated into popular Linux control panels such as Cpanel, Directadmin, and Plesk. In this article, we will first introduce you to the CSF firewall in its entirety. Then we will teach you about Tutorial Install and Configure Firewall CSF on Plesk. You can see the packages available in Eldernode if you want to buy a VPS hosting server.
Table of Contents
How to Install and Configure Firewall CSF on Plesk
A firewall is essential to keep the Plesk server secure. CSF is a free firewall that can be installed on your Plesk server as an alternative to Plesk Firewall. CSF is a comprehensive security solution for server hosting and can be easily integrated into the Plesk UI. That’s why we want to teach you how to Install and Configure Firewall CSF on Plesk. Please stay tuned for the rest of this article.
Introduction to Firewall CSF
CSF is one of the most popular and powerful IPtables management firewalls in the Linux operating system and is provided by a config server for free and open source. CSF is responsible for protecting the server and, as its name implies, is a firewall that prevents a variety of attacks, the most important of which are syn flood, DDoS, and brute force.
This firewall offers many features for server security. It also reviews reports of failed login attempts at regular intervals and is able to detect most unauthorized attempts to access your server. So you can set your desired security measures in the CSF configuration file.
The following applications are supported by this feature:
1. Courier IMAP, Dovecot, UW-IMAP
3. Pure-ftpd, vsftpd, Proftpd
4. Password protected web pages (Htpasswd)
5. Mod_security failures (v1 and v2)
6. Suhosin failures
7. Exim SMTP AUTH
Additionally, you can create your own log file.
Prerequisite for Installing Firewall CFS on Plesk
Before starting the Install and Configure Firewall CSF on Plesk, you should prepare the CSF dependencies. Because CSF is based on Perl, you need to install this on the server to get started. You must have Wget to download the CSF installer as well as vim or an editor of your choice such as Nano to modify the CSF configuration file.
So you have to install the packages using the following command:
yum install wget vim perl-libwww-perl.noarch perl-Time-HiRes
Install Firewall CSF on Plesk
Now that you have the CSF pre-installed dependencies, it’s time to install it. The first step is to go to the /usr/src/ folder to load CSF using the following command:
Then you have to extract the tar.gz file using the following commands and go to the CSF list. Then in the next step, install the tar.gz file:
tar -xzf csf.tgz
After you have successfully installed CSF, you should now check that CSF is working as needed on this server. So you have to go to the /usr/local/csf/bin/ directory using the following command:
Now you need to run “csftest.pl” by running the following command:
Finally, if you see the following answer, you can be sure that CSF is working properly on your server:
RESULT: csf should function on this server
How to Configure Firewall CSF on Plesk
An important point to note is that before you enter the CSF configuration process, you should know that the CentOS 7 default firewall program “Firewalld” should be stopped and removed from the startup. Therefore, you must use the following command to stop it:
systemctl stop firewalld
You can also use the following command to disable the Firewalld and remove it from the startup:
systemctl disable firewalld
You can now start configuring CSF. The first step is to go to the CSF configuration directory /etc/csf/ and modify the “csf.conf” file using the editor you want. To do this, use the following commands:
Then you need to change line 11 “TESTING” to “0” as in the following command to configure the CSF firewall:
TESTING = “0”
Note that CSF provides input and output traffic by default for the standard SSH 22 port, so if you want to use an alternative SSH port, you need to add your desired port to line 139 “TCP_IN“. Then you need to start CSF and LFD like the following commands:
systemctl start csf
systemctl start lfd
In the next step you can set CSF and LFD services to start when booting:
systemctl enable csf
systemctl enable lfd
Finally, you can view the CSF list by default using the following command:
Follow this section if you want to make more advanced configurations. Return to the csf configuration list and modify the csf.conf configuration file using the following commands:
If you want to make sure that a specific IP in CSF.allow will never be blocked by LFD, find the command “IGNORE_ALLOW” and change its value to “1“:
IGNORE_ALLOW = "1"
You can enable ICMP input and output using the following command:
ICMP_IN = "1"
ICMP_OUT = "1"
The CSF allows you to deny or grant access to certain countries via CIDR (Country Code). With the help of the following commands you can block or allow access to countries:
CC_DENY = "CN,UK,US"
CC_ALLOW = "ID,MY,DE"
One of the features that have made CSF firewalls popular is the greater management of server content such as port management, connection management, process management, and so on. By installing this firewall, you can turn off FirewallD or Iptables services completely. In this article, we tried to teach you how to Install and Configure Firewall CSF on Plesk.