Home Security Firewall How To Install CSF Firewall on VestaCP (RHEL/CentOS & Debian/Ubuntu)

How To Install CSF Firewall on VestaCP (RHEL/CentOS & Debian/Ubuntu)

569
0

VestaCP has a built-in default firewall with iptables and fail2ban. You will find it when you run VestaCP with Linux operating systems including RHEL and CentOS. However, we can exclude iptables and fail2ban in the VestaCP installation command script (ADVANCED INSTALL SETTINGS). Instead, we can replace iptables and fail2ban with CSF Firewall (ConfigServer Security & Firewall) + LFD (Login Failure Daemon).

As I know that CSF has officially supported VestaCP as an optional firewall and provides a user interface (UI) since version 13.05 was released to the public. Although CSF says that they only support VestaCP that runs on CentOS 7, but I have tried it works very well on VestaCP with Debian 8/9 and Ubuntu LTS Server (16.04 – 18.04). Look at the CSF changelog below.

13.05 - Added official CentOS Web Panel (CWP) integration and CWP panel
specific configuration. See /etc/csf/readme.txt for more information
(only tested on CentOS v7)

Added official VestaCP integration and VestaCP specific configuration
(only tested on CentOS v7)

SEE: https://download.configserver.com/csf/changelog.txt

It’s easy to install and configure CSF Firewall on VestaCP, both with RHEL/CentOS and Debian/Ubuntu. Now, follow this guide to install CSF Firewall on your VestaCP.

1.) Download and Install CSF Firewall

$ cd /usr/local/src
$ wget https://download.configserver.com/csf.tgz
$ tar -xzf csf.tgz
$ cd csf
$ sh install.sh

2.) OK… CSF Firewall has been installed on your VestaCP server. Now let’s test your CSF Firewall installation.

$ perl /usr/local/csf/bin/csftest.pl

3.) Next, configure your CSF Firewall settings and make sure to disable testing mode, so CSF can work properly on your VestaCP server. You can configure it via Nano Editor or login to your VestaCP and scroll to the CSF menu (top right), like the image you can see above.

$ nano /etc/csf/csf.conf

Set Testing Mode from “1” to “0”

$ TESTING = "0"

Set RESTRICT_SYSLOG from “0” to “3”

$ RESTRICT_SYSLOG = "3"

4.) If you have a custom port, be sure to always add that port to CSF IPv4 Port Settings and IPv6 Port Settings.

READ:  How To Set Correct Permissions (CHMOD) on Linux with Single Command

5.) Now, restart CSF & LFD

$ csf -r or service csf restart
$ lfd -r or service lfd restart

CONCLUSION

Installing CSF Firewall + LFD on VestaCP is very easy to do. Of course, CSF Firewall clearly has more complete and more comprehensive features compared to iptables and fail2ban which is the default VestaCP firewall. However, iptables and CSF Firewall can run together on VestaCP without any problems. You can still have iptables firewall installed on your VestaCP without the need to uninstall it, even though you have also installed CSF Firewall.

LEAVE A REPLY

Please enter your comment!
Please enter your name here