ConfigServer Security & Firewall (CSF) is a Stateful Packet Inspection (SPI) firewall, login/intrusion detection, and security application for Linux servers. It is a very popular security suite, but it isn't officially supported yet on either CentOS 7 or CloudLinux 7 cPanel setups.
Both CentOS 7 and CloudLinux 7 cPanel servers use Firewalld rather than Iptables. This guide will allow you to install CSF Firewall with Iptables and all dependencies while disabling Firewalld and preventing it from starting.
Run the following commands as root.
Disabling Firewalld with Mask
Stop firewalld:
systemctl stop firewalld
Disable firewalld from starting with the system:
systemctl disable firewalld
Mask firewalld so that nothing can start it:
systemctl mask firewalld
Installing and Configuring Iptables
Install the Iptables Services:
yum -y install iptables-services
Create the rule files that the Iptables services require:
touch /etc/sysconfig/iptables
touch /etc/sysconfig/ip6tables
Start the Iptables Service:
systemctl start iptables
systemctl start ip6tables
systemctl enable iptables
systemctl enable ip6tables
Install CSF Dependencies
Using the package installer, run the following:
yum -y install wget perl unzip net-tools perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph
Download and Launch CSF Installer:
cd /opt
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Run the bundled Perl test script to see if CSF will function properly on the server:
perl /usr/local/csf/bin/csftest.pl
If all works well you should receive a list of OKs.
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
Remove the installation files:
rm -rf /opt/csf
rm /opt/csf.tgz
Configuring the CSF Firewall
The CSF Configuration file is located at /etc/csf/csf.conf. Follow the documentation within the config file to configure the firewall. We use Nano to edit the configuration file. To edit the config, run:
nano /etc/csf/csf.conf
After making your required changes, save your configuration (CTRL+O), and restart the firewall:
csf -r
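A pre-flight check for the steps above, as an added example that is not part of the original guide or of CSF itself: it lists any csftest.pl checks that did not report OK and confirms your SSH port is in csf.conf's TCP_IN list before you run csf -r, so the restart does not lock you out. The function names and sample data are constructed for illustration; TCP_IN is the csf.conf setting that lists allowed inbound TCP ports, with ranges written as low:high.

```sh
#!/bin/sh
# Added example, not part of the original guide; sample data is constructed.

# Print the name of each csftest.pl test whose result is not exactly "OK".
csftest_failures() {
    awk '/^Testing / {
        i = index($0, "...")
        if (i == 0) next
        res = substr($0, i + 3)
        sub(/[ \t\r]+$/, "", res)
        if (res != "OK") print substr($0, 9, i - 9)
    }'
}

# Print the value of KEY ($1) from csf.conf-style input on stdin: KEY = "value".
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" | tail -n 1
}

# Succeed if port $1 is covered by csf port list $2, e.g. "22,80,30000:35000".
port_allowed() {
    printf '%s\n' "$2" | tr ',' '\n' | awk -F: -v p="$1" '
        NF == 1 && $1 + 0 == p + 0                    { ok = 1 }
        NF == 2 && p + 0 >= $1 + 0 && p + 0 <= $2 + 0 { ok = 1 }
        END { exit !ok }'
}

# Succeed only if SSH port $1 is listed in TCP_IN of the config read from stdin.
ssh_port_open() {
    port_allowed "$1" "$(conf_value TCP_IN)"
}

# Constructed sample inputs (the failure text is invented for the demo).
SAMPLE_CSFTEST='Testing ip_tables/iptable_filter...OK
Testing ipt_recent...FAILED [constructed sample failure]
Testing xt_connlimit...OK'
SAMPLE_CONF='# constructed csf.conf excerpt
TCP_IN = "20,21,25,53,80,443,2222,30000:35000"'

echo "failed csftest checks: $(printf '%s\n' "$SAMPLE_CSFTEST" | csftest_failures)"
if printf '%s\n' "$SAMPLE_CONF" | ssh_port_open 22; then
    echo "port 22 is open in TCP_IN"
else
    echo "port 22 is NOT in TCP_IN: fix csf.conf before running csf -r"
fi
```

On a real server, feed the functions live data: perl /usr/local/csf/bin/csftest.pl | csftest_failures, and ssh_port_open 22 < /etc/csf/csf.conf (substitute the port your sshd actually listens on).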
Comments 4
No package perl-GDGraph available.
on: Cloudlinux 7.5 x86_64
Author
It’s showing it still is for me, Fauzie.
Package 1:perl-GDGraph-1.44-15.el7.noarch already installed and latest version
use “systemctl stop firewalld”
not “systemctl stop firewall”
Author
Thank you. Fixed.