How to install the ConfigServer and Security Firewall combo on Ubuntu Server

If you'd like a powerful firewall for your Ubuntu Server, but one that offers a fairly straightforward configuration, Jack Wallen thinks CSF might be the right tool for the job.

Although Uncomplicated Firewall is an outstanding security service on Ubuntu Server, there may be times when you need more. But if you don't have the time (or the inclination) to learn the very complicated iptables, you might want an option that lies somewhere in between. One such option is the ConfigServer/Security Firewall combination, which offers a solid firewall solution that can be expanded with add-ons for things such as login/intrusion detection, exploit checks, ping of death protection, and more.

I'm going to walk you through the installation of CSF on Ubuntu Server 20.04.


What you'll need

In order to install CSF, you'll need a running instance of Ubuntu Server and a user with sudo privileges. That's it. Let's dive in.

How to install ConfigServer on Ubuntu Server 20.04

The first thing to be done is to install the necessary dependencies. Log into your Ubuntu Server and issue the command:

sudo apt install wget libio-socket-ssl-perl git perl iptables libnet-libidn-perl libcrypt-ssleay-perl libio-socket-inet6-perl libsocket6-perl sendmail dnsutils unzip -y

When that command completes, download the latest version of CSF with the command:

wget http://down

Unpack the newly downloaded tar file with:

tar -xvzf csf.tgz

Change into the newly created directory with:

cd csf

Install CSF by running the included script with:

sudo bash install.sh

Before we continue, let's make sure iptables is loaded with:

sudo perl /usr/local/csf/bin/

You should see:

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

How to configure CSF on Ubuntu Server 20.04

We're ready to configure CSF. Open the configuration file with:

sudo nano /etc/csf/csf.conf

The first thing we must do is change the line:

TESTING = "1"

to:

TESTING = "0"

Next, we need to restrict rsyslog/syslog access to members of a specific group. For this, find the line:

RESTRICT_SYSLOG = "0"

Change that line to:

RESTRICT_SYSLOG = "3"

Now comes the fun part. Scroll down until you see the line starting with:

TCP_IN
This is where you can configure ports to be allowed through the firewall. By default CSF will allow ports 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993 and 995. Change that line to only the ports you want open for the server in question.

Next, locate the lines starting with TCP_OUT, UDP_IN, and UDP_OUT and do the same thing (configuring only the ports you want open for incoming and outgoing traffic).

When you've finished that task, save and close the file.
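
Before starting CSF, the edits above can be checked with a short script. This is an added example, not code from the article or from the CSF project: the function names (csf_get, bad_ports, audit_csf_conf, demo_conf) are hypothetical, the sample configuration is constructed, and it assumes port lists are comma-separated entries of either a single port or a low:high range.

```shell
#!/bin/sh
# Added example (not from the article or the CSF project): audit a csf.conf
# for the edits described above. All function names here are hypothetical.

# Default TCP_IN list as quoted in the article.
DEFAULT_TCP_IN="20,21,22,25,53,80,110,143,443,465,587,993,995"

# csf_get FILE KEY: print the quoted value of the last 'KEY = "value"' line.
csf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# bad_ports LIST: print entries that are not a port (1-65535) or a lo:hi range.
bad_ports() {
    echo "$1" | tr ',' '\n' | awk -F: '
        function ok(p) { return (p ~ /^[0-9]+$/) && (p + 0 >= 1) && (p + 0 <= 65535) }
        NF == 0 { next }
        !(NF <= 2 && ok($1) && (NF == 1 || (ok($2) && $1 + 0 <= $2 + 0))) { print }'
}

# audit_csf_conf FILE: print one finding per line; status 1 if any, else 0.
audit_csf_conf() {
    a_conf=$1; a_bad=0
    [ -r "$a_conf" ] || { echo "cannot read $a_conf"; return 2; }
    if [ "$(csf_get "$a_conf" TESTING)" != "0" ]; then
        echo "TESTING is not \"0\""; a_bad=1
    fi
    if [ "$(csf_get "$a_conf" RESTRICT_SYSLOG)" != "3" ]; then
        echo "RESTRICT_SYSLOG is not \"3\""; a_bad=1
    fi
    if [ "$(csf_get "$a_conf" TCP_IN)" = "$DEFAULT_TCP_IN" ]; then
        echo "TCP_IN still holds the default port list"; a_bad=1
    fi
    for a_key in TCP_IN TCP_OUT UDP_IN UDP_OUT; do
        a_inv=$(bad_ports "$(csf_get "$a_conf" "$a_key")" | tr '\n' ' ')
        if [ -n "$a_inv" ]; then echo "$a_key has invalid entries: $a_inv"; a_bad=1; fi
    done
    return "$a_bad"
}

# Constructed sample (not a real server's file): TESTING left on, one typo.
demo_conf() {
    printf '%s\n' 'TESTING = "1"' 'RESTRICT_SYSLOG = "3"' \
        'TCP_IN = "22,80,443"' 'TCP_OUT = "53,80,443,8o80"' \
        'UDP_IN = ""' 'UDP_OUT = "53,123,33434:33523"'
}
demo_file=$(mktemp) && demo_conf > "$demo_file"
audit_csf_conf "$demo_file" || true
rm -f "$demo_file"
```

On a server, run audit_csf_conf /etc/csf/csf.conf with sudo after saving the file; no output and exit status 0 mean all three edits are in place.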

Start and enable CSF with the command:

sudo systemctl enable --now csf

How to block and allow IP addresses with CSF

This is one of the ways CSF stands out among the competition. Let me show you how easy it is to block or allow an IP address. To block an IP address, open the deny file with:

sudo nano /etc/csf/csf.deny

At the bottom of that file, add the IP addresses you want to block (one per line), like so:

You can also block an entire subnet like this:


To allow an IP address, open the allow file with:

sudo nano /etc/csf/csf.allow

In that file, add the IP addresses or subnets (in the same way you did for deny) and then save the file.

Finally, you can set CSF to exclude an IP address in the csf.ignore file (which is configured in the same way you configured the deny and allow files).

And that's all there is to installing and configuring the ConfigServer Security Firewall combination on Ubuntu Server. If you're looking for a powerful, yet simple, firewall for your servers, this might be exactly what you're looking for.
