Tech Transit

How-tos Blog posts Open Source, Linux, and DevOps

Set up CSF Firewall on Centos 7/ RHEL 7

BySachin G

Sep 18, 2015

ConfigServer  (CSF) is advanced firewall and free available for Linux  and debian based distributions. In latest versoin of CentOs  7 , RHEL 7 , CloudLinux 7  servers  require that use the firewalld daemon but we can use iptables command for firewall and In WHM CSF only allow to modify iptables rules .

So Here  in this article we  will show you how to disabled default firewall (firewalld) on CentOS 7 , RHEL 7 and CloudLinux 7 and install iptables with CSF Configuration.

 

Disable firewalld with  mask :

Stop the firewalld .

# systemctl stop firewalld

Disable auto start from auto start

#systemctl disable firewalld

Prevention from automatic start firewalld , run below command.

systemctl mask firewalld

 

Install and configure iptables :

# yum -y install iptables-services

For iptables and ip6tables :

# touch /etc/sysconfig/iptables

# touch /etc/sysconfig/ip6tables

Start the Iptables service :

# systemctl start iptables
# systemctl start ip6tables

Boot time service Start :

# systemctl enable iptables
# systemctl enable ip6tables

Install & Download dependencies for CSF :

yum -y install perl perl-libwww-perl   net-tools wget  perl-GDGraph  perl-LWP-Protocol-https  -y

Download the CSF installer :

# cd /opt

# wget https://download.configserver.com/csf.tgz

Uncompress download CSF file.

# tar xzf csf.tgz

Run the installer :

# cd csf

#sh install.sh

You can remove installation files after installation that is /opt/csf and /opt/csf.tgz

After installation you should check the  iptables new module will work or not . run below command and check the output , it will look my below output.

# perl /usr/local/csf/bin/csftest.pl

OUTPUT :

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

Here no fatal error is showing , so this firewall should work perfectly.

Configuring CSF Firewall :

Basic configuration file of CSF firewall is in /etc/csf directory with name csf.conf. You should have good knowledge of networking concept and port for configuring firewall.

#vi /etc/csf/csf.conf

After making change you need to run below command for update changes in firewall settings.

#csf -r

Thank you

 

 

By Sachin G

I am a professional freelance contributor and founder of tech transit. Love to write and lover of education, culture, and community. I have been using it, setting, supporting, and maintaining it since 2009.Linux rocks! Sachin G Follow me on LinkedIn and x formerly twitter

Related Post

Linux Administrator

How to prevent PHP errors from being displayed on a browser by display_errors

Mar 22, 2024
Linux Administrator

How to Remove the Special Permissions of Important Files and Stop Hackers

Mar 21, 2024
Linux Administrator

SSH Security: How to Set LoginGraceTime for Maximum Protection

Mar 21, 2024

Blog Post

DevOps

How to Encrypt or Decrypt String through Ansible Vault

March 23, 2024 Sachin G
Linux Administrator

How to prevent PHP errors from being displayed on a browser by display_errors

March 22, 2024 Sachin G
Linux Administrator

How to Remove the Special Permissions of Important Files and Stop Hackers

March 21, 2024 Sachin G
Linux Administrator

SSH Security: How to Set LoginGraceTime for Maximum Protection

March 21, 2024 Sachin G