How to Disable the default Linux Firewall and use CSF

csf-logo

csf-logo

Some of the firewall scripts that come with various hosting companies can leave a lot to be desired, and tackling IP tables head on can be intimidating, here is how to disable the default firewall and use an industry standard one which provides both a CLI and GUI through cPanel using WHM or on non-cPanel servers there is a GUI using DirectAdmin or WebMin.

CSF is Config Server Firewall, it’s free and available to use as a module for cPanel linux servers, it also comes with LFD – login failure daemon – so all the nasties are kept out.

First up is to disable the existing firewall, as it may disrupt the installation. Also if you are using Plesk Virtuozzo firewall you can leave this as is, as the CSF firewall will override it. If the existing firewall script is set up using chkconfig, run the following;

Then you are ready to do the install:

Couple of links to the official readme and install files.

Once installed you can configure via CLI or WHM, in the CLI the config files will be in /etc/csf and WHM will have a plugin named  ‘ConfigServer Security & Firewall’

csf-whm-firewall

csf-whm-firewall

Ths initial settings will open the default ports for a typical cPanel server and if you have connected via SSH it will whitelist your IP address to the /etc/csf.allow file so you don’t get locked out.

The firewall is in an initial testing mode – run your tests so you can access the server – the then put it out of testing and into live mode. By changing from 1 to 0 in the screen accessed from the “Firewall Configuration” button and confirm this by clicking ‘Change” down the bottom.

testing-set-to-zero-csf

testing-set-to-zero-csf

Thats CSF installed and it will now manage the underlying iptables on your linux / cPanel server. To see what firewall rules are currently loaded from the command lin you can run:

But you can use the friendly interface from cPanel/WHM to complete all firewall tasks.