ConfigServer Security & Firewall
(CSF) is a suite of scripts provides:
- A straight-forward SPI iptables firewall script;
- A daemon process that checks for Login Authentication;
- A Control Panel configuration interface;
- ... and much more!
The tutorial was prepared with our "CentOS 7 + DirectAdmin" template and is meant to work on our self-managed virtual private servers.0. Preliminary requirements:
1. CSF installation
- "CentOS 7 + DirectAdmin" template installed on server;
- Fully updates server software (yum update).
Installation of CSF is quite straightforward because it preconfigured to work with DirectAdmin:
tar -xzf csf.tgz
sh install.sh2. CSF configuration
After installation CSF starts in testing mode and there are a couple of things to take care of. First of all, you have to log in to your DirectAdmin. By default, the address is:http://your-server-ip:2222
After successfully login you should select "ConfigServer Firewall&Security":
You should now see that there are two notices that we need to take care of. So select "ConfigServer Firewall" and then select "Firewall Configuration":
First, we will turn off testing mode:
And then we should restrict syslog/rsyslog access:
After these changes press the button "Change" at the bottom of the page and "Restart csf+lfd" afterward.
That is it, now you have a fully working ConfigServer firewall. For more information regarding CSF please visit their Read me page