1 min read

Hard to implement IPTables? Try this.

Hard to implement IPTables? Try this.
Photo by Scott Webb / Unsplash

Have you ever try to implement filter on your server using IPTables?

It's hard isn't it?

You should try CSF.

CSF Installation

Download package

First, download latest package of CSF from official website, and extract it.

# cd /opt/
# wget https://download.configserver.com/csf.tgz
# tar -xvf csf.tgz

I use CentOS, so I prefer store them in /opt/. Please try to read at your own distribution hier.

Then install required perl packages.

-- On rpm based systems:
# yum install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph perl-Math-BigInt.noarch

-- On APT based systems:
# apt-get install libwww-perl liblwp-protocol-https-perl libgd-graph-perl

Run install.sh

# sh install.sh 

Selecting installer...

Running csf generic installer

Installing generic csf and lfd

Check we're running as root
---- too long ----
Installation Completed

After completed, try to restart csf.

# csf -r

CSF will automatically added your current IP and SSH Port to the allow list.

Check whether your CSF running properly

# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

All config stored at /etc/csf/.

Find and write your desired rules, and save them by csf -r.

Don't forget to RTFM. You'll find the details.

# man csf

Thanks to:

(c)2006-2021, Way to the Web Limited (http://www.configserver.com)