Some of the firewall scripts that come with various hosting companies can leave a lot to be desired, and tackling IP tables head on can be intimidating, here is how to disable the default firewall and use an industry standard one which provides both a CLI and GUI through cPanel using WHM or on non-cPanel servers there is a GUI using DirectAdmin or WebMin.
CSF is Config Server Firewall, it’s free and available to use as a module for cPanel linux servers, it also comes with LFD – login failure daemon – so all the nasties are kept out.
First up is to disable the existing firewall, as it may disrupt the installation. Also if you are using Plesk Virtuozzo firewall you can leave this as is, as the CSF firewall will override it. If the existing firewall script is set up using chkconfig, run the following;
service iptables save service iptables stop chkconfig iptables off
Then you are ready to do the install:
wget http://www.configserver.com/free/csf.tgz tar -xzf csf.tgz cd csf sh install.sh perl /etc/csf/csftest.pl sh /etc/csf/remove_apf_bfd.sh
Once installed you can configure via CLI or WHM, in the CLI the config files will be in /etc/csf and WHM will have a plugin named ‘ConfigServer Security & Firewall’
Ths initial settings will open the default ports for a typical cPanel server and if you have connected via SSH it will whitelist your IP address to the /etc/csf.allow file so you don’t get locked out.
The firewall is in an initial testing mode – run your tests so you can access the server – the then put it out of testing and into live mode. By changing from 1 to 0 in the screen accessed from the “Firewall Configuration” button and confirm this by clicking ‘Change” down the bottom.
Thats CSF installed and it will now manage the underlying iptables on your linux / cPanel server. To see what firewall rules are currently loaded from the command lin you can run:
But you can use the friendly interface from cPanel/WHM to complete all firewall tasks.