ConfigServer Firewall setup
Install and configure ConfigServer firewall for your server.
CSF installation on servers with cPanel
SSH into the server, switch to root with sudo, and run the following commands to download and install CSF:
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
This takes care of installing the firewall; next comes the configuration. PS: leave your SSH connection open, since it will be required again.
Log in to the server's WHM console and search for "firewall"; from there we go to Firewall Configuration.
Configuration - ports and settings
Change TESTING from 1 to 0 to disable testing mode. We need to be really careful with what other settings we change, because we might get ourselves locked out of the box.
Switch to IPv4 Settings and add the following to TCP_IN and TCP_OUT:
5666,30000:50000
5666 - the Nagios NRPE port, which allows the server to be monitored via Nagios
30000:50000 - the range used by pure-ftpd to allow FTP connections to the server
Once this is done we save the settings.
Configuration - protection profile
From the main firewall screen we now go to Firewall Profiles. Here we need to activate the protection_medium profile. We use the medium one because the high security profile generates a large number of false positives and blocks normal users.
Configuration - pure ftpd
We go back to the SSH console, edit /etc/pure-ftpd.conf with our favourite editor and uncomment the line
PassivePortRange 30000 50000
Save the file and restart the service, either through WHM or from SSH.
Install on server without cPanel
On CentOS minimal you need to run
yum install perl-libwww-perl
On Ubuntu run
apt-get install libwww-perl
Follow the installation steps above.
In the terminal run
csf --profile apply protection_medium
If the server is monitored using Nagios NRPE, we need to add port 5666 to TCP_IN and TCP_OUT for both IPv4 and IPv6 in /etc/csf/csf.conf
Restart the csf and lfd services and test the configuration. If everything is okay, proceed; if the connection is lost, wait 5 minutes for the cron to clear the iptables rules
csf -ra
Edit /etc/csf/csf.conf again and disable testing mode. Only do this if you are sure the configuration works, otherwise you might get locked out of the server
Restart csf and lfd
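A pre-flight check for the lockout risk mentioned above, as an added example that is not part of the original guide: it reads TCP_IN from a csf.conf-style file and confirms the ports you depend on are open before TESTING is set to 0. The function names, the sample file and SSH on port 22 are assumptions; 5666 and 30000:50000 are the ports from this guide.

```bash
#!/bin/bash
# Added example: verify required inbound ports before disabling TESTING mode.

# Print the value of KEY from a csf.conf-style file (lines like KEY = "value").
csf_get() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Return 0 if PORT is covered by a CSF port list such as "22,80,30000:50000".
port_allowed() {
    local port=$1 entry lo hi
    local IFS=,
    for entry in $2; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] && return 0 ;;
            *)   [ "$port" = "$entry" ] && return 0 ;;
        esac
    done
    return 1
}

# preflight CONF PORT...: report TESTING and any PORT not open in TCP_IN.
# Returns non-zero when at least one required port is missing.
preflight() {
    local conf=$1 tcp_in missing="" p
    shift
    tcp_in=$(csf_get TCP_IN "$conf")
    for p in "$@"; do
        port_allowed "$p" "$tcp_in" || missing="$missing $p"
    done
    echo "TESTING=$(csf_get TESTING "$conf") missing:${missing:- none}"
    [ -z "$missing" ]
}

# Constructed sample config (not a real server's csf.conf).
sample=$(mktemp)
cat > "$sample" <<'EOF'
TESTING = "1"
TCP_IN = "20,21,22,25,53,80,443,5666,30000:50000"
TCP_OUT = "20,21,22,25,53,80,443,5666,30000:50000"
EOF
# Assumed requirements: SSH on 22, NRPE on 5666, both ends of the FTP passive range.
preflight "$sample" 22 5666 30000 50000
rm -f "$sample"
```

On a real server, point preflight at /etc/csf/csf.conf and pass the port your SSH daemon actually listens on.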
Quick commands
Quick IP block: csf -d IP [comment]
Quick IP allow: csf -a IP [comment]
Quick IP unblock: csf -dr IP [comment]
Search for an IP: csf -g IP
More information about this firewall can be found at https://configserver.com