March 5, 2021 / Nirav Shah
Config Server Firewall (popularly known as CSF) is a free and open-source firewall application suite for most Linux distributions and Linux-based Virtual Private Servers (VPS). It provides the basic functionality of a firewall, filtering packets, while also providing additional security to your server.
To verify that the required firewall modules are available, run the following command:
perl /usr/local/csf/bin/csftest.pl
Everything should be fine and you should get the following output:
nano /etc/csf/csf.conf
Certain ports are opened by default, and these ports are given below:
The services using the open ports
After changing the settings in csf.conf, save the file and restart CSF for the changes to take effect with this command:
csf -r
Blocking IP addresses
If you would like to block an IP address or range, open csf.deny with the command below:
nano /etc/csf/csf.deny
By default, the csf.deny file contains no entries.
To block a specific IP address, add it to the file:
– 196.xx.xx.xx
To block a range of IP addresses, add the IP followed by the CIDR value:
– 196.xx.xx.xx/29
Allowing IP addresses
nano /etc/csf/csf.allow
By default, the csf.allow file contains no entries.
You can also allow a specific IP address or a range of IP addresses without opening the csf.deny file, by running the commands below:
csf -a 196.x.x.x    # adds the IP address to csf.allow
csf -ar 196.x.x.x   # -ar removes the IP address from csf.allow
Note: Allowed IP addresses are allowed even if they are explicitly blocked in a csf.deny file.
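Because of the precedence described in the note above, an entry in csf.deny can be silently ineffective when csf.allow covers the same address. The following Python check is an added example, not part of the original article or of CSF itself; it assumes one plain IP or CIDR entry per line with optional # comments, runs on constructed sample file contents, and skips any line that is not a plain IP or CIDR.

```python
import ipaddress


def parse_entries(text):
    """Return the IP networks listed in csf.allow / csf.deny style text."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()  # drop trailing comments
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # assumption: anything that is not a plain IP/CIDR is skipped
    return nets


def shadowed_denies(allow_text, deny_text):
    """Return (deny, allow) pairs where an allow entry overlaps a deny entry."""
    findings = []
    allows = parse_entries(allow_text)
    for deny in parse_entries(deny_text):
        for allow in allows:
            if deny.version == allow.version and deny.overlaps(allow):
                findings.append((str(deny), str(allow)))
    return findings


# Constructed sample contents (documentation address ranges, not real hosts).
SAMPLE_ALLOW = """\
# csf.allow
203.0.113.10 # office gateway
198.51.100.0/24 # monitoring
"""
SAMPLE_DENY = """\
# csf.deny
203.0.113.8/29 # blocked range
192.0.2.55 # blocked host
198.51.100.77 # blocked host
"""

if __name__ == "__main__":
    for deny, allow in shadowed_denies(SAMPLE_ALLOW, SAMPLE_DENY):
        print(f"deny {deny} is overridden by allow {allow}")
```

To audit a real server, read /etc/csf/csf.allow and /etc/csf/csf.deny into the two arguments instead of the sample strings.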
As a Director of Eternal Web Private Ltd, an AWS consulting partner company, Nirav is responsible for its operations. AWS, cloud computing and digital transformation are some of his favorite topics to talk about. His key focus is to help enterprises adopt technology and solve their business problems with the right cloud solutions.