CSF Firewall

Install CSF Firewall on CentOS 7/CloudLinux 7 CPanel Servers

Budd Grant Security 4 Comments

ConfigServer Security & Firewall (CSF) is a stateful packet inspection firewall (SPI), login/intrusion detection, and security application for Linux servers. It is a very popular security suite, but isn’t officially supported yet on either CentOS 7 or CloudLinux 7 cPanel setups.

Both CentOS 7 and CloudLinux 7 cPanel servers use Firewalld rather than Iptables.  This guide will allow you to install CSF Firewall with Iptables and all dependencies while disabling and preventing Firewalld from starting.

You are going to want to run the following commands as root.

Disabling Firewalld with Mask

Stop firewalld:

systemctl stop firewalld

Disable firewalld from starting with the system:

systemctl disable firewalld

Remove firewalld symlink:

systemctl mask firewalld

Installing and Configuring Iptables

Install the Iptables Services:

yum -y install iptables-services

Add the required touch files for Iptables to function:

touch /etc/sysconfig/iptables
touch /etc/sysconfig/ip6tables

Start the Iptables Service:

systemctl start iptables
systemctl start ip6tables
systemctl enable iptables
systemctl enable ip6tables

Install CSF Dependencies

Using the package installer, run the following:

yum -y install wget perl unzip net-tools perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph

Download and Launch CSF Installer:

cd /opt
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Run a PERL check to see if CSF will function properly on the server:

perl /usr/local/csf/bin/csftest.pl

If all works well you should receive a list of OKs.

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

Remove the installation files:

rm -rf /opt/csf
rm /opt/csf.tgz

Configuring the CSF Firewall

The CSF Configuration file is located at /etc/csf/csf.conf.  Follow the documentation within the config file to configure the firewall.  We use Nano to edit the configuration file.  To edit the config, run:

nano /etc/csf/csf.conf

After making your required changes, save your configuration (CTRL+O), and restart the firewall:

csf -r

Share this Article to your favorite Social Networks

Comments 4

    1. Post

      It’s showing it still is for me, Fauzie.

      Package 1:perl-GDGraph-1.44-15.el7.noarch already installed and latest version

    1. Post

Leave a Reply

Your email address will not be published. Required fields are marked *