Common Firewall Commands: Iptables, CSF, UFW, & Firewalld
Hivelocity Knowledge Base, Mon, 28 Nov 2022
https://www.hivelocity.net/kb/common-firewall-commands-iptables-csf-ufw-firewalld/

When running Linux OS, there are a variety of firewalls that can be deployed in your system, all of which require their own commands to operate. As a result, managing and maintaining your system’s firewall can often be difficult without something convenient to use for reference. The goal of this article is to provide you with a basic reference list of common commands useful for handling your Linux OS firewall.

To keep things succinct, the commands will be provided within a table format below following a brief precursor explanation on the various firewalls we’ll be covering here.

Common Firewalls Used in Linux

The following section covers basic background information regarding what firewall types are available within your Linux OS.

iptables

The Linux kernel requires rules for IP packet filtering to be managed in tables. iptables is used to set up, maintain, and inspect these tables of IP packet filtering rules with each table containing built-in chains. The iptables chains are lists of rules which match a set of packets, specifying instructions for each rule on how to handle the packet.

ConfigServer Security & Firewall (CSF)

ConfigServer Security & Firewall, or CSF, is a tool that manipulates iptables chains while also providing additional functionality that iptables does not offer. CSF filtering is done on IP addresses, services, and ports.

CSF uses the Login Failure Daemon (lfd), which scans the latest log file entries for login attempts against your server. This is useful for detecting brute-force attacks, allowing lfd to automatically detect the pattern and block the offending IP.

Uncomplicated Firewall (UFW)

Uncomplicated Firewall (UFW) is the default firewall configuration tool for Ubuntu and has been developed to ease iptables firewall configuration by providing a friendly method to create an IPv4 or IPv6 host-based firewall.

Firewalld

Firewalld is a service daemon with a D-Bus interface which provides easy management of the network/firewall zones, assigning different levels of trust to a network and its associated connections. Additionally, the interface also provides the ability to add iptables rules directly.

Table of Commands for Firewall Management

The following is a list of common commands for the four firewall types discussed above.

Each action below lists the command for iptables, CSF, UFW, and Firewalld, in that order.

Check Firewall Status

  iptables: N/A
  CSF: service csf status or systemctl status csf
  UFW: service ufw status or systemctl status ufw
  Firewalld: service firewalld status (Not required as CSF won’t run if it’s not working)

Viewing/Searching Firewall Rules

  iptables: iptables -n -L -v --line-numbers
  CSF: csf -g [IP]
  UFW: sudo ufw status numbered will show a list of rules, then use sudo ufw delete # with the rule number.
  Firewalld:
    firewall-cmd --list-all
    firewall-cmd --list-services
    firewall-cmd --list-ports

Restart Firewall

  iptables: Occasionally rebooting the system can help if iptables rules do not take effect.
  CSF: service csf restart or csf -r or, even better, to flush rules, csf -ra
  UFW: service ufw restart
  Firewalld: service firewalld restart

Adding and Blocking a Port [Make sure to modify the #### entry]

  iptables:
    Adding: iptables -I INPUT 1 -p tcp --dport=#### -j ACCEPT
    Blocking: iptables -I INPUT 1 -p tcp --dport=#### -j DROP
  CSF: Edit the csf.conf file in /etc/csf/csf.conf and add the following lines with whichever ports you need.
    *Note: The snippet below was taken from the file to show you where you will place the ports in/out. Do not change anything in the file other than the numbers in the following lines:

    # Allow incoming TCP ports
    TCP_IN = "20,443,465,21,22,587,993,25,53,80,110,143,995"

    # Allow outgoing TCP ports
    TCP_OUT = "20,21,443,587,22,25,80,110,43,53"

  UFW:
    Adding: sudo ufw allow ####, you can use /tcp or /udp here as well
    Blocking: sudo ufw deny ####, you can use /tcp or /udp
  Firewalld:
    Adding: firewall-cmd --permanent --add-port=####/tcp or use /udp
    Blocking: firewall-cmd --permanent --remove-port=####
    /tcp or /udp can be added at the end of that line without a space

Adding and Removing an IP [Make sure to modify the x.x.x.x with an IP]

  iptables:
    Adding: iptables -A INPUT -s x.x.x.x -j ACCEPT
    Removing: iptables -A INPUT -s ###.###.###.### -j DROP
  CSF:
    Adding: csf -a [x.x.x.x] [Optional comment]
    (Writes information to /etc/csf/csf.allow)
    Removing: csf -tr [IP.add.re.ss]
    (Writes information to /etc/csf/csf.deny)
  UFW:
    sudo ufw allow from x.x.x.x
    [sudo ufw status numbered will show a list of rules, then use sudo ufw delete # with the rule number.]
  Firewalld:
    firewall-cmd --permanent --add-source=###.###.###.###
    firewall-cmd --permanent --remove-source=###.###.###.###

Blocking an IP [Make sure to modify the x.x.x.x with an IP]

  iptables: iptables -A INPUT -s x.x.x.x -j DROP
  CSF: csf -d [x.x.x.x] [Optional comment]
    (Writes information to /etc/csf/csf.deny)
  UFW: sudo ufw deny from x.x.x.x
  Firewalld: firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='x.x.x.x' reject"

Adding and Removing a Service

  iptables: N/A
  CSF: N/A
  UFW:
    Allow: sudo ufw allow service
    Remove: sudo ufw deny service
  Firewalld:
    Allow: firewall-cmd --permanent --add-service=ssh
    Remove: firewall-cmd --permanent --remove-service=mysql

-written by Pascal Suissa

How to Install CSF (ConfigServer Firewall)
Hivelocity Knowledge Base, Wed, 06 May 2015
https://www.hivelocity.net/kb/how-to-install-csf-configserver-firewall/

ConfigServer Firewall (or CSF) is a free and advanced firewall available for most Linux distributions, which manipulates iptables chains while also providing greater functionality that iptables doesn’t offer. In addition to the basic functionality of a firewall – filtering packets on IP addresses, services, and ports – CSF includes other security features, such as login/intrusion/flood detections. CSF also includes UI integration for cPanel, DirectAdmin, and Webmin.

CSF works by utilizing the Login Failure Daemon (lfd), which scans the latest log file entries for login attempts against your server. This is useful for detecting brute-force attacks, allowing lfd to automatically detect the pattern and block the offending IP.
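
The kind of log scan described above, as an added example that is not lfd's own code and not part of the original article: it counts failed SSH logins per source address in a constructed sample log and prints the csf -d command for each address that reaches a threshold. The function names, the log lines and the threshold are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not lfd's implementation): failed SSH logins per source IP.

# Print "IP COUNT" for every address with at least $2 failures in log file $1.
# The address is read from the fixed tail "from <ip> port <n> ssh2" because the
# user name earlier in the line is free-form text.
failed_ssh_by_ip() {
    awk -v min="$2" '
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" && $NF == "ssh2" { hits[$(NF-3)]++ }
        END { for (ip in hits) if (hits[ip] >= min) print ip, hits[ip] }
    ' "$1" | sort
}

# Print (do not run) one block command per offending address: csf -d IP comment
csf_deny_commands() {
    failed_ssh_by_ip "$1" "$2" | while read -r ip count; do
        echo "csf -d $ip $count failed SSH logins"
    done
}

# Constructed sample log; the addresses are documentation ranges.
write_sample_log() {
    cat > "$1" <<'EOF'
Nov 28 16:37:01 web1 sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov 28 16:37:03 web1 sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov 28 16:37:05 web1 sshd[4105]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Nov 28 16:37:08 web1 sshd[4109]: Failed password for invalid user test from 198.51.100.23 port 51000 ssh2
Nov 28 16:37:09 web1 sshd[4111]: Accepted password for deploy from 192.0.2.10 port 52044 ssh2
Nov 28 16:37:11 web1 sshd[4113]: Failed password for root from 203.0.113.7 port 40130 ssh2
Nov 28 16:37:12 web1 sshd[4115]: Failed password for invalid user test from 198.51.100.23 port 51006 ssh2
Nov 28 16:37:14 web1 sshd[4117]: Failed password for root from 203.0.113.7 port 40136 ssh2
EOF
}

# Usage: sh failed_ssh.sh /var/log/auth.log 5
if [ "$#" -ge 1 ]; then csf_deny_commands "$1" "${2:-5}"; fi
```
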

*NOTE: These instructions are based on a live document that might change in the future, meaning it’s important to review it prior to proceeding. The instructions from the file have been tested and broken down below at the time of writing this article and include further troubleshooting information that is not present in the live document.

The file can be found in the following link – https://download.configserver.com/csf/install.txt 

Installing ConfigServer Firewall (CSF)

To install CSF onto your Linux distribution, just follow along with the instructions below. *Note: Be sure to update your packages with your package manager to ensure you have the latest versions available to you.

  1. First, in order to install CSF, you must log in to your server as the root user.
     
  2. Next, before downloading CSF, make sure that you have the following packages installed on your system using sudo apt install followed by the name of the packages you’re installing:
    1. perl-libwww-perl and/or libwww-perl (*Note: some distributions might not require or have these available)
    2. wget
    3. tar
    4. nano
       
       
  3. Now, navigate to the /usr/src directory
     
    cd /usr/src
     
     
  4. Next, download the CSF installation pack (contained in a compressed tarball) using the following command:
     
    wget https://download.configserver.com/csf.tgz
     
     
  5. The downloaded file is compressed, so it has to be uncompressed and extracted before it can be used. To extract the file, use the following command and hit enter.
     
    tar -xzf csf.tgz
     
     
  6. Now it is time to execute CSF’s installer script. Move to the csf directory (by using: cd /usr/src/csf) and execute the following installation script:
     
    sh install.sh
     
     
    *Note: If this fails with either an error stating “Can’t locate Net/SMTP.pm” or “Can’t locate Math/BigInt.pm“, then install perl-Net-SMTP-SSL perl-Math-BigInt and run the CSF installation script again.
     
  7. Now that CSF is installed, run the following test script to ensure all prerequisites are present:
     
    perl /usr/local/csf/bin/csftest.pl
     
     
  8. Assuming that everything is working correctly, the next step is to disable firewalld to reconfigure CSF using the following command:
     
    systemctl stop firewalld

    followed by
    systemctl disable firewalld
     
     
  9. Next, edit /etc/csf/csf.conf to change the value of “TESTING = 1” to “TESTING = 0”. The item is present at the very top of the document.
     
    *Note: Editing can be completed via nano or vim. Remember to save the file when you’ve finished making the edits.
     
     
  10. With your edits complete, the next step is to restart CSF using the following command:
     
    systemctl restart {csf,lfd}
     
    *Note: if you receive an error on AlmaLinux 9 or any other distro that says “Can’t locate lib.pm in @INC“, then the epel-release and perl packages need to be installed.
     
  11. Now, enable CSF and lfd and check whether the services are active using the following commands:
     
    systemctl enable {csf,lfd}
    Followed by
    systemctl is-active {csf,lfd}
     
     
  12. Lastly, you can check if the required iptables modules are available using the following command:
     
    perl /usr/local/csf/bin/csftest.pl
     
     
    If no fatal errors are reported, then the firewall should be working correctly.
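
A pre-flight check for steps 9 and 10, added here as an example and not part of the original article or of CSF itself: it reads TESTING and TCP_IN from a csf.conf-style file and confirms that the port you use for SSH is in the inbound allow list before csf and lfd are restarted, since inbound ports missing from TCP_IN are not allowed once the rules are applied. The function names, the default port of 22 and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the article): check csf.conf before `systemctl restart {csf,lfd}`.

# Print the last value assigned to key $1 in file $2 (KEY = "value" or KEY = value).
csf_get() (
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"#]*\).*/\1/p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
)

# Succeed if port $1 is covered by CSF port list $2, e.g. "20,21,22,30000:35000".
port_in_list() (
    port=$1
    IFS=,
    for item in $2; do
        case $item in
            *:*) if [ "$port" -ge "${item%%:*}" ] && [ "$port" -le "${item##*:}" ]; then exit 0; fi ;;
            "$port") exit 0 ;;
        esac
    done
    exit 1
)

# Exit status: 0 = ready, bit 1 set = TESTING is not 0, bit 2 set = SSH port not in TCP_IN.
csf_preflight() (
    conf=$1 ssh_port=$2 rc=0
    testing=$(csf_get TESTING "$conf")
    tcp_in=$(csf_get TCP_IN "$conf")
    if [ "$testing" != "0" ]; then
        echo "WARN: TESTING = \"$testing\", expected 0"; rc=$((rc | 1))
    fi
    if ! port_in_list "$ssh_port" "$tcp_in"; then
        echo "FAIL: $ssh_port/tcp missing from TCP_IN = \"$tcp_in\""; rc=$((rc | 2))
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: TESTING = 0 and $ssh_port/tcp is in TCP_IN"; fi
    exit "$rc"
)

# Constructed sample: an excerpt in csf.conf syntax using the article's inbound port list.
write_sample_conf() {
    cat > "$1" <<'EOF'
TESTING = "1"
# Allow incoming TCP ports
TCP_IN = "20,443,465,21,22,587,993,25,53,80,110,143,995"
EOF
}

# Usage: sh csf_preflight.sh /etc/csf/csf.conf 22
if [ "$#" -ge 1 ]; then csf_preflight "$1" "${2:-22}"; fi
```
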

And there you have it! If you have WHM installed on your server, you can also double-check that CSF is working properly by checking under WHM’s menu >> Plugins >> ConfigServer Security&Firewall.

 
