ConfigServer Firewall (CSF) is a firewall configuration script that provides your server's security while giving you an advanced, easy to use interface for managing firewall settings. You can easily install it to your server via SSH and later manage it via WHM.
Installation
Login to your server via SSH (using terminal) as root and execute further commands:
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Usage
The firewall is installed through the terminal, but configuration and use are still available on the WHM platform. In WHM Search enter 'ConfigServer Security & Firewall' and select it in the menu on the left.
Firewall Configuration
Be sure to disable the test mode. At first, the Firewall Status will be in Test Mode. At certain intervals, cPanel will run a periodic task (cronjob) that will reset your configuration. After finishing the configuration, the test mode needs to be disabled, otherwise, the changes will be lost.
There are a lot of different settings on this page. For example, IPv4 Port Settings allow incoming and outgoing traffic to the server via TCP, UDP, ICMP, and other ports. Let's say you need MySQL to be able to receive remote connection. So you need to add 3306 port in TCP_IN row. Or let's say you need some applications on the server to perform queries in the remote server, so we're going to include this 3306 port in TCP_OUT row.
Ports are separated by commas. Changes are saved at the bottom of the page.
After changes are saved, you need to restart both csf and lfd.
If the firewall on the server is in full and not the test mode, you will see a message:
This is just one of the configuration options. All other features are described in the Firewall Configuration page, and changes are made the same as in the example described before.
Check server security
This is a handy tool that shows your server's security level.
By default, the server is not protected at the recommended level:
For your safety, you can use the tips on this page. When making changes, be careful not to interfere with applications running on the server.
Allow/deny IP addresses
Quick Allow means that the IP here will be allowed to perform any task on your server (any incoming traffic, any port, etc). It's a whitelist.
Quick Deny is an opposite list. You can, for example, place the IP addresses that performed DDoS attacks for your server there. It's a blacklist.
Quick Unblock is used if the IP address was blocked by an accident. You can unblock it with this feature.
Check for IPs in RBLs
This tool will check every IP address in your server for any public blacklists.
Take note that it takes some time to complete. We have reviewed some of the key features of CSF. However, there are many more, so we recommend that you explore the features of this tool yourself and tailor them to your server's needs.
Comments