In this tutorial, we will show you how to Install and Setup CSF Firewall on Debian 10 or 9 step by step. To increase the security of your server, the first thing you need to do is to install a firewall. CSF stands for Config Server Security & Firewall, which is the name of a security package for Linux VPS servers and is a comprehensive solution for almost complete server security and is very easy to work with and configure. The CSF is responsible for protecting the server and, as its name implies, is a firewall that prevents a variety of attacks, the most important of which are syn flood, DDos, and brute force. In this article, we are going to teach you how to Setup CSF Firewall on Debian 10.
CSF is one of the most popular and powerful IPtables management firewalls in the Linux operating system and is provided by Config Server for free and open-source. Features that have made this firewall popular include more server content management such as port management, connection management, process management, and more. CSF is best compatible with RedHat Enterprise, Fedora, CloudLinux, and CentOS operating systems. The most important features of CSF are:
To get the latest version and dependencies and update packages, just enter the following commands:
sudo apt update
sudo apt upgrade
To install CSF Firewall, just enter the following commands:
cd /temp
wget http://download.configserver.com/csf.tgz
tar xzf csf.tgz
cd /opt/csf
sh install.sh
Then you should check with the following method whether you have the required iptables modules or not:
perl /usr/local/csf/bin/csftest.pl Testing ip_tables/iptable_filter...OK Testing ipt_LOG...OK Testing ipt_multiport/xt_multiport...OK Testing ipt_REJECT...OK Testing ipt_state/xt_state...OK Testing ipt_limit/xt_limit...OK Testing ipt_recent...OK Testing xt_connlimit...OK Testing ipt_owner/xt_owner...OK Testing iptable_nat/ipt_REDIRECT...OK Testing iptable_nat/ipt_DNAT...OK
The default CSF configuration file is in the /etc/csf directory. Execute the following command to configure the required parameters for CSF:
nano /etc/csf/csf.conf
For the testing environment, the value should be TESTING = “1” and for a production environment, the value should be TESTING = “0”:
TESTING = "0"
You can use the following command to enable the log:
RESTRICT_SYSLOG = "3"
Allow incoming TCP ports using the below command:
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
Also, you can allow outgoing TCP ports:
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"
To allow incoming UDP ports:
UDP_IN = "20,21,53"
Finally, to allow outgoing traceroute add 33434:33523 to this list:
UDP_OUT = "20,21,53,113,123"
Now you need to save and close the file.
At this point, you can enter the following command to start the firewall:
sudo systemctl restart csf sudo systemctl enable csf
Here, you will learn how to enable the CSF web user interface. If your control panel supports CSI UI, this step is used.
apt install libio-socket-ssl-perl libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl libcrypt-ssleay-perl
After all the modules have been installed, you must now enable CSF web UI using the following commands:
nano /etc/csf/csf.conf
RESTRICT_UI = "1"
UI = "1"
UI_PORT = "8080"
UI_IP = " "
UI_USER = "admin"
UI_PASS = "admin@123456
For security reasons, you should always keep this option low (i.e 0-10):
UI_RETRY = "5"
This option will add the connecting IP address to the file /etc/csf/ui/ui.ban after UI_RETRY login failures:
UI_BAN = "1"
Tip: Only IPs (or CIDR’s) listed in the file /etc/csf/ui/ui.allow will be allowed to log in to the UI.”
You can enter the following command to allow access to your IP address:
nano /etc/csf/ui/ui.allow
Save and close the file after adding and saving the following line. Now you must restart the LFD service to apply the following changes:
service lfd restart
Finally, type the URL http://192.168.0.10:8080 in your web browser
The tutorial stated that the CSF firewall is for Linux-based distributions. We introduced CSF Firewall and listed its features. Then how to setup CSF Firewall on Debian 10 was taught. By using the above tutorials, you can easily install and setup CSF Firewall on Debian 10, 11 & 12.
How useful was this post?
Click on a star to rate it!
Average rating 0 / 5. Vote count: 0
No votes so far! Be the first to rate this post.
What is your suggestion to boost the performance of your server? This article has been prepared to e...
Choosing the right Linux distribution can be overwhelming for many users with the vast array of opti...
What is your opinion about this Blog?