How to Disable the default Linux Firewall and use CSF

Some of the firewall scripts that come with various hosting companies can leave a lot to be desired, and tackling IP tables head on can be intimidating, here is how to disable the default firewall and use an industry standard one which provides bot a CLI and GUI through WHM.

CSF is Config Server Firewall, it’s free and available for use for most Linux based systems it also comes bundled with LFD – login failure daemon – so all the nasties are kept out.

First up is to disable any existing firewall, as running concurrent ones is going to possibly mess your system up. Also if you are using Plesk Virtuozzo firewall you can leave this as is as it will feed from the CSF rules. If the existing firewall script is set up using chkconfig, run the following;

service iptables save
service iptables stop
chkconfig iptables off

Then you are ready to do the install:

wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
perl /etc/csf/csftest.pl
sh /etc/csf/remove_apf_bfd.sh

Couple of links to the official readme and install files.

Once installed you can configure via CLI or WHM, in the CLI the config files will be in /etc/csf and WHM will have a plugin named  ’ConfigServer Security & Firewall’

csf-whm-firewall

Ths initial will open the default ports for a typical cPanel server and if you have connected via SSH it will whitelist your IP address to the /etc/csf.allow file so you don’t get locked out.

The firewall is in an initial testing mode – run your tests so you can access the server – the then put it out of testing and into live mode. By changing from 1 to 0 in the screen accessed from the “Firewall Configuration” button and confirm this by clicking ‘Change” down the bottom.

testing-set-to-zero-csf

csf-whm-firewall

testing-set-to-zero-csf