How to Install CSF Firewall on VestaCP CentOS and Enable CSF firewall GUI

by Sandy

In this tutorial we’ll enable the CSF firewall under VestaCP (this also works with any CentOS/RHEL OS) and add a link to the Vesta menu to access the CSF firewall GUI. CSF comes with many features and a GUI that is simple to use. ConfigServer Firewall, also known as CSF, is a firewall configuration script created to provide better security for your server while giving you an easy-to-use, advanced interface for managing your firewall settings. CSF configures your server’s firewall to lock down public access to services and only allow certain connections, such as logging in to FTP, checking your email, or loading your websites.

This tutorial is exclusively for CentOS VestaCP users.

First, install the packages CSF requires :

yum install perl-GDGraph perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN perl-IO-Socket-INET6 perl-Socket6 perl-Crypt-SSLeay perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch

Stop the Fail2ban and Firewalld services if you’re running them :

service firewalld stop
service fail2ban stop

If you don’t need these services, disable or remove them.

Install CSF firewall :

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Then go to /etc/csf and edit csf.conf :

cd /etc/csf
yum install nano -y
nano csf.conf

Find TESTING and change this setting :

TESTING = "1"

Change it to

TESTING = "0"

Find RESTRICT_SYSLOG :

RESTRICT_SYSLOG = "0"

Change it to

RESTRICT_SYSLOG = "3"

Now we’ll enable CSF GUI :

Find “SECTION:Integrated User Interface”, then locate and modify these settings :

UI = "0"
UI_PORT = "6666"
UI_USER = "username"
UI_PASS = "password"
UI_ALLOW = "1"

Change the values to :

UI = "1"
UI_PORT = "9443"
UI_USER = "mystery"
UI_PASS = "mysterdata23400"
UI_ALLOW = "0"

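Don’t forget to use your own username and password; the values above are only examples. You can also choose your own bind port instead of 9443. UI_ALLOW = "0" turns off the ui.allow address restriction, so the GUI login answers to any address that can reach the port.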

Also add the CSF GUI port 9443 to TCP_IN to open the port :

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,8083,9443"

Also ensure these ports are listed :

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,8083,9443"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995,8083"

Save the config file and restart CSF, then restart lfd, which serves the GUI :

csf -r
service lfd restart

You can now go to https://ip:9443 (with ip replaced by your server IP) to access the GUI/User Interface.
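The csf.conf settings changed above can be checked with a short script. This is an added example, not part of the original tutorial or of CSF; the function names and finding codes are made up for illustration, and the sample config is constructed from the values shown in this tutorial.

```shell
# Added example, not from the original tutorial. Config values are constructed.
# Print the last value assigned to key $1 in the csf.conf-style file $2.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Print one finding code per line; exit status 0 means no findings.
audit_csf_conf() {
    conf=$1; rc=0
    # TESTING must be "0", as set in the tutorial.
    [ "$(conf_get TESTING "$conf")" = "0" ] || { echo TESTING_ENABLED; rc=1; }
    # The tutorial moves RESTRICT_SYSLOG away from "0".
    [ "$(conf_get RESTRICT_SYSLOG "$conf")" != "0" ] || { echo SYSLOG_UNRESTRICTED; rc=1; }
    # The remaining checks only matter when the integrated UI is enabled.
    [ "$(conf_get UI "$conf")" = "1" ] || return "$rc"
    # Flag the stock placeholders and the sample login printed in this tutorial.
    case "$(conf_get UI_USER "$conf"):$(conf_get UI_PASS "$conf")" in
        username:*|*:password|mystery:*|*:mysterdata23400)
            echo UI_SAMPLE_CREDENTIALS; rc=1 ;;
    esac
    # The UI port has to appear in TCP_IN (port ranges are not expanded here).
    case ",$(conf_get TCP_IN "$conf")," in
        *",$(conf_get UI_PORT "$conf"),"*) ;;
        *) echo UI_PORT_NOT_IN_TCP_IN; rc=1 ;;
    esac
    # UI_ALLOW = "0" switches off the ui.allow source-address restriction.
    [ "$(conf_get UI_ALLOW "$conf")" != "0" ] || { echo UI_OPEN_TO_ANY_IP; rc=1; }
    return "$rc"
}

# Audit a constructed config holding the values shown in the tutorial.
demo_tutorial_config() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
TESTING = "0"
RESTRICT_SYSLOG = "3"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,8083,9443"
UI = "1"
UI_PORT = "9443"
UI_USER = "mystery"
UI_PASS = "mysterdata23400"
UI_ALLOW = "0"
EOF
    status=0
    audit_csf_conf "$f" || status=$?
    rm -f "$f"
    return "$status"
}
demo_tutorial_config || echo "findings reported above"
```

To check a real server, call audit_csf_conf /etc/csf/csf.conf after editing the file.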

Add CSF FIREWALL access Link to VestaCP menu

Navigate to :

cd /usr/local/vesta/web/templates/admin

and edit panel.html :

nano panel.html

Add this HTML code at line 20 :

<div class="l-menu__item <?php if($TAB == 'UPDATES' ) echo 'l-menu__item--active' ?>"><a href="https://107.152.32.123:9443/" target="_blank">CSF FIREWALL</a></div>

Replace 107.152.32.123 with your server IP.

That’s it, you’ve finished installing CSF under VestaCP.

Commands for CSF

Stop the firewall / Flush the rules

csf -f

Restart the firewall

csf -r

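Add an IP to the whitelist (replace IP_ADDRESS with the address in this and the following commands)

csf -a IP_ADDRESS

Blacklist an IP (the IP won’t be able to connect to the server)

csf -d IP_ADDRESS

Remove an IP from the allow list

csf -ar IP_ADDRESS

Remove an IP from the deny list

csf -dr IP_ADDRESS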

Update/upgrade CSF

csf -u

Disable CSF and LFD

csf -x

Enable CSF and LFD

csf -e

Laur (Guest) :

csf conf it’s here:
/etc/csf/csf.conf

Nacef (Guest) :

Great tuto
Thank you very much

Epiel (Guest) :

this https://ip:9443 to access the GUI/User Interface is not working for me

Juan (Guest) :

GUI/User Interface is not working