Tuesday, January 19, 2010

CSF/LFD - Firewall based on iptables


CSF/LFD is the most powerful firewall based on iptables. It is easy to install and configure, and it can protect your server better.
Read readme.txt and install.txt for instructions here:
http://www.configserver.com/cp/csf.html

Note that after installing CSF/LFD, you need to edit /etc/csf/csf.conf and set TESTING = "0" instead of "1" to enable CSF/LFD.

Quoted from the install instructions:
Installation
============
Installation is quite straightforward:
# rm -fv csf.tgz
# wget http://www.configserver.com/free/csf.tgz
# tar -xzf csf.tgz
# cd csf
# sh install.sh
Next, test whether you have the required iptables modules:
# perl /etc/csf/csftest.pl
Don't worry if you cannot run all the features, so long as the script doesn't
report any FATAL errors.

You should not run any other iptables firewall configuration script. For
example, if you previously used APF+BFD you can remove the combination (which
you will need to do if you have them installed otherwise they will conflict
horribly):
# sh /etc/csf/remove_apf_bfd.sh
That's it. You can then configure csf and lfd by editing the files
directly in /etc/csf/*, or on cPanel servers use the WHM UI.

csf installation for cPanel is preconfigured to work on a cPanel server with all
the standard cPanel ports open.

csf installation for DirectAdmin is preconfigured to work on a DirectAdmin
server with all the standard DirectAdmin ports open.

csf auto-configures your SSH port on installation where it's running on a non-
standard port.

csf auto-whitelists your connected IP address where possible on installation.

You should ensure that kernel logging daemon (klogd) is enabled. Typically, VPS
servers have this disabled and you should check /etc/init.d/syslog and make
sure that any klogd lines are not commented out. If you change the file,
remember to restart syslog.

See the readme.txt file for more information.
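
A post-install check for the two settings mentioned above (TESTING in csf.conf and commented-out klogd lines in the syslog init script). This is an added example, not part of csf or of the quoted instructions; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not part of csf: post-install checks for the two settings the
# post calls out. Function names are hypothetical; paths are passed as arguments.

# Print the value assigned to TESTING in a csf.conf-style file.
# Comment lines and other keys such as TESTING_INTERVAL do not match.
csf_testing_value() {
    sed -n 's/^[[:space:]]*TESTING[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        tail -n 1
}

# Print commented-out lines that mention klogd in a syslog init script.
# Heuristic: descriptive comments that mention klogd also match, so review the output.
klogd_commented_lines() {
    grep -E '^[[:space:]]*#.*klogd' "$1"
}

# Return 0 only if TESTING is "0" and no klogd line is commented out.
csf_postinstall_ok() {
    conf=$1 initscript=$2 rc=0
    val=$(csf_testing_value "$conf")
    if [ "$val" != "0" ]; then
        echo "WARN: TESTING=\"$val\" in $conf, expected \"0\""
        rc=1
    fi
    # The init script may not exist on every system; skip the check if so.
    if [ -f "$initscript" ] && klogd_commented_lines "$initscript" >/dev/null; then
        echo "WARN: commented-out klogd lines in $initscript:"
        klogd_commented_lines "$initscript"
        rc=1
    fi
    return "$rc"
}

# Constructed sample files standing in for /etc/csf/csf.conf and /etc/init.d/syslog.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'TESTING_INTERVAL = "5"' 'TESTING = "1"' \
    > "$demo/csf.conf"
printf '%s\n' 'daemon syslogd $SYSLOGD_OPTIONS' '#daemon klogd $KLOGD_OPTIONS' \
    > "$demo/syslog"
csf_postinstall_ok "$demo/csf.conf" "$demo/syslog" || echo "result: needs attention"
rm -rf "$demo"
```

On a server, run csf_postinstall_ok /etc/csf/csf.conf /etc/init.d/syslog after editing the configuration.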
