Tutorial Setup CSF Firewall on Debian 10

In this tutorial, we will show you how to Install and Setup CSF Firewall on Debian 10 or 9 step by step. To increase the security of your server, the first thing you need to do is to install a firewall. CSF stands for Config Server Security & Firewall, which is the name of a security package for Linux VPS servers and is a comprehensive solution for almost complete server security and is very easy to work with and configure. The CSF is responsible for protecting the server and, as its name implies, is a firewall that prevents a variety of attacks, the most important of which are syn flood, DDos, and brute force. In this article, we are going to teach you how to Setup CSF Firewall on Debian 10.

What is CSF Firewall and its features?

CSF is one of the most popular and powerful IPtables management firewalls in the Linux operating system and is provided by Config Server for free and open-source. Features that have made this firewall popular include more server content management such as port management, connection management, process management, and more. CSF is best compatible with RedHat Enterprise, Fedora, CloudLinux, and CentOS operating systems. The most important features of CSF are:

• A comprehensive script based on SPI Iptables

• Tracks POP3/IMAP inputs

• SSH login alert and use of SU

• Blocking excessive connections

• Has a graphical user interface for control panels cPanel, DirectAdmin, and Webmin

• Initial pre-configuration for servers with cPanel and DirectAdmin control panels

• Initial configuration for ports to be opened

• Blocks traffic for IPs that are not used

• Reports suspicious activity to the server administrator and user overuse of resources

• Reports suspicious cases, especially on TMP and other similar routes

• Monitors folders and files to check for changes made within them

• Protection against BOGON packages

• Preset configuration for low, medium, and high protections (cPanel only)

• Ability to work in sync with multiple network cards

• Overview of server security and giving it points along with suggestions for fixing the upcoming issues

• Possibility of IP addresses for dynamic DNS

• Checks mod_security reports

How to Install CSF Firewall on Debian 10

To get the latest version and dependencies and update packages, just enter the following commands:

sudo apt update

sudo apt upgrade

To install CSF Firewall, just enter the following commands:

cd /temp

wget http://download.configserver.com/csf.tgz

tar xzf csf.tgz

cd /opt/csf

sh install.sh

Then you should check with the following method whether you have the required iptables modules or not:

perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

How to Configure CSF Firewall on Debian 10

The default CSF configuration file is in the /etc/csf directory. Execute the following command to configure the required parameters for CSF:

nano /etc/csf/csf.conf

For the testing environment, the value should be TESTING = “1” and for a production environment, the value should be TESTING = “0”:

TESTING = "0"

You can use the following command to enable the log:

RESTRICT_SYSLOG = "3"

Allow incoming TCP ports using the below command:

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"

Also, you can allow outgoing TCP ports:

TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"

To allow incoming UDP ports:

UDP_IN = "20,21,53"

Finally, to allow outgoing traceroute add 33434:33523 to this list:

UDP_OUT = "20,21,53,113,123"

Now you need to save and close the file.

How to Start the Firewall on Debian 10

At this point, you can enter the following command to start the firewall:

sudo systemctl restart csf 
sudo systemctl enable csf

Here, you will learn how to enable the CSF web user interface. If your control panel supports CSI UI, this step is used.

apt install libio-socket-ssl-perl libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl libcrypt-ssleay-perl

After all the modules have been installed, you must now enable CSF web UI using the following commands:

nano /etc/csf/csf.conf

RESTRICT_UI = "1"

UI = "1"

UI_PORT = "8080"

UI_IP = " "

UI_USER = "admin"

UI_PASS = "admin@123456

For security reasons, you should always keep this option low (i.e 0-10):

UI_RETRY = "5"

This option will add the connecting IP address to the file /etc/csf/ui/ui.ban after UI_RETRY login failures:

UI_BAN = "1"

Tip: Only IPs (or CIDR’s) listed in the file /etc/csf/ui/ui.allow will be allowed to log in to the UI.”

How to Access IP Address

You can enter the following command to allow access to your IP address:

nano /etc/csf/ui/ui.allow

Save and close the file after adding and saving the following line. Now you must restart the LFD service to apply the following changes:

service lfd restart

Finally, type the URL http://192.168.0.10:8080 in your web browser

Conclusion

The tutorial stated that the CSF firewall is for Linux-based distributions. We introduced CSF Firewall and listed its features. Then how to setup CSF Firewall on Debian 10 was taught. By using the above tutorials, you can easily install and setup CSF Firewall on Debian 10, 11 & 12.