Setting up CSF Firewall front end for IPTables

by Mike Turcotte-McCusker on March 18, 2017 in Linux – Last Update: March 18, 2017

Firewalls are commonly underused by home users, yet they are probably one of the most important aspects of securing your machine.

Windows users have a HUGE array of options in front of them, but GNU/Linux isn’t quite as flexible in terms of giving you a thousand and one options.

Thankfully, there is the powerful IPTables firewall built into most systems. However, IPTables can be daunting to configure and learn; fortunately, there are front ends and other tools that make setting up a very powerful firewall MUCH easier for the end user.

CSF, or ConfigServer and Firewall, is one such IPTables frontend, and is an absolute powerhouse in itself while still maintaining a much easier setup.

MANY distros come with firewall GUI frontends included in the system, but for the odd one that doesn’t, or if you are setting up a firewall on a text-only system such as a VPS, or you have just decided to do away with graphical environments as a whole, this is for you.

For this, I am setting up CSF on one of my VPS, through a text-only environment via SSH, so it’s absolutely required that you have some basic proficiency and understanding of how to use a terminal environment on your system if you wish to follow the exact steps I will be taking.

Note: You could do the vast majority of this, if not all of it, using a graphical environment, but I personally still prefer to do it via command line because I find it much faster to do simple things like extractions, copy-pasting, text editing etc. via terminal; the choice is ultimately up to you.
Just know that this tutorial is strictly text.

The Installation of CSF

The first step is to download the tarball from the CSF website https://configserver.com/cp/csf.html

The first thing you’ll want to do is become root and navigate to whatever folder you intend to download CSF to.

    su
    cd /usr/src

Then download the tarball

    wget https://download.configserver.com/csf.tgz

And then we need to extract the tarball

    tar -xzf csf.tgz

Move into the new directory

    cd csf

And run the installation script

    sh install.sh

Next, we need to check if our system has all of the required IPTables modules installed. Some of these may not be installed, but so long as the following script does not give a -Fatal Error- you are good to go.

    perl /usr/local/csf/bin/csftest.pl

You should hopefully get a message like this: “RESULT: csf should function on this server”

If you get fatal errors, this likely means that IPTables is either not installed, or not started / loaded into the kernel; look up the documentation / forums / search engine results for installing or starting IPTables for your distro of choice.

With all that being said, CSF is now installed! However, it’s not actually -DOING- anything yet, so we need to configure it.

To do this, we simply need to edit one file. It is a long file, but it’s fairly well commented and documented, and relatively straightforward if you have any knowledge of networking or how the internet and your system work together.
For those of you who have no idea what ports are, for example, this may be a bit above your head, and I highly recommend checking out some articles on the topic before you delve in deeper.

Configuring CSF

Let’s get started by opening the CSF configuration file with your favourite text editor; I personally use Nano for things like this.

    nano /etc/csf/csf.conf

The first thing you will see is the following, and it is absolutely essential that you do not play with this setting until we are completely done!

    ###############################################################################
    # SECTION:Initial Settings
    ###############################################################################
    # Testing flag - enables a CRON job that clears iptables incase of
    # configuration problems when you start csf. This should be enabled until you
    # are sure that the firewall works - i.e. incase you get locked out of your
    # server! Then do remember to set it to 0 and restart csf when you're sure
    # everything is OK. Stopping csf will remove the line from /etc/crontab
    #
    # lfd will not start while this is enabled
    TESTING = "1"

Basically, keeping this on (1=on, 0=off) will ensure you don’t lock yourself out of your system by misconfiguring your firewall. Once you are confident everything is working as it’s supposed to, you can disable this.

Next there are some settings referring to system logging. I recommend you simply scroll past them, as they are set fine for most cases by default, and scroll until you see:

    # SECTION:IPv4 Port Settings

CSF by default will be aware of all ports currently being used, and will adjust itself accordingly.
For example, on this VPS I host a number of services, from VoIP servers to game servers for a few gaming clan clients of mine, and CSF has sorted that out for me.

    # Allow incoming TCP ports
    TCP_IN = "10011,20,21,22,25,53,25639,80,110,143,443,465,587,993,995,9987,8080,8181"

    # Allow outgoing TCP ports
    TCP_OUT = "25639,10011,20,21,22,25,53,80,110,113,443,587,993,995,8080,8081,9987"

    # Allow incoming UDP ports
    UDP_IN = "20,21,25639,10011,53,9987"

    # Allow outgoing UDP ports
    # To allow outgoing traceroute add 33434:33523 to this list
    UDP_OUT = "20,21,53,25639,113,10011,9987,123"

As you can see, a number of TCP and UDP ports are already being granted passage through the firewall. You may want to double check any games, servers or services you run for what ports they use, and ensure that these ports are all listed accordingly.

If you are unsure of what ports you require open, you can check with the following commands:

    netstat -vatn
    netstat --listen
    netstat -lntu

And look for things such as

    tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN

In this example, port 8081 is being listened on, so I need port 8081 open.

I will add some links at the bottom of this article for a more in-depth focus on this for those who need it.

After you are all set on setting up the IPv4 ports, you will want to make sure IPv6 is also taken care of, in much the same fashion, if you utilize it on your system.

After that, you theoretically could simply start CSF and be good to go; however, I highly recommend reading through the rest of the configuration file and changing anything you feel is needed, ESPECIALLY if you are setting this up on any kind of server environment. CSF has some pretty awesome anti-DDoS protection options in it. I have used CSF on other servers of mine, and attempted to pwn them pretty hard for testing purposes just to have CSF put me down.
That said, it’s definitely not unbeatable, but it’s solid, that’s for sure.

Running CSF

Once that is all said and done, we want to test CSF to ensure everything is working properly.

To do this, let’s start CSF

    csf -e

You should see a bunch of text scroll through your screen, and a message that reads:

    csf and lfd have been enabled
    *WARNING* TESTING mode is enabled - do not forget to disable it in the configuration

At this point, the firewall is running. Now is when you try to connect to your usual services, run your games, and do whatever it is that you normally do.

If at this point you have no issues (which you shouldn’t if you followed the comments in the config file properly!) you can disable testing mode.

    nano /etc/csf/csf.conf

    TESTING = "1" becomes TESTING = "0"

And then

    csf -r

to restart CSF.

You’re done!

Anytime you need to add ports, you can simply open the CSF config file again, add the port numbers, and then restart csf with

    csf -r

If you ever need to stop CSF, use

    csf -x

Your system is now protected by a firewall!

More resources and information can be found at:

https://configserver.com/cp/csf.html
https://forum.configserver.com/

Now You: Do you use the built-in firewall on your system?

Summary
Article Name: Setting up CSF Firewall front end for IPTables
Description: The guide walks you through the steps of setting up and configuring a CSF Firewall front end for IPTables on a machine running Linux.
Author: Mike Turcotte
Publisher: Ghacks Technology News
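The port check from the configuration step, as an added example (not part of the original article and not CSF's own code): a shell script that compares netstat -lntu output with a csf.conf port list and reports listening ports the firewall would block, plus allowed ports with no listener. The sample netstat output, the sample config values and the function names are constructed for illustration.

```shell
# Constructed `netstat -lntu` output and csf.conf excerpt (not from a real host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:8081     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:30005    0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:3306   0.0.0.0:*        LISTEN
tcp6       0      0 :::80            :::*             LISTEN
udp        0      0 0.0.0.0:9987     0.0.0.0:*'
SAMPLE_CONF='TCP_IN = "22,80,443,30000:30010"
UDP_IN = "53,9987"'

# Entries of one csf.conf list (key in $1, csf.conf text on stdin), one per line.
csf_ports() {
    awk -v key="$1" -F'"' '$1 ~ ("^[ \t]*" key "[ \t]*=") {
        n = split($2, p, ","); for (i = 1; i <= n; i++) if (p[i] != "") print p[i] }'
}

# Externally reachable listening ports for tcp or udp ($1), netstat text on stdin.
listening_ports() {
    awk -v proto="$1" '$1 ~ ("^" proto "6?$") {
        port = $4; sub(/.*:/, "", port)
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host ~ /^127\./ || host == "::1") next   # loopback-only bind
        print port }' | sort -n -u
}

# Ports that listen but are missing from the list, so CSF would block them.
# Arguments: $1 = tcp|udp, $2 = csf.conf key, $3 = netstat text, $4 = csf.conf text
unlisted_ports() {
    allowed=$(printf '%s\n' "$4" | csf_ports "$2")
    printf '%s\n' "$3" | listening_ports "$1" | while read -r port; do
        ok=0
        for entry in $allowed; do
            lo=${entry%%:*}; hi=${entry##*:}   # "80" gives lo=hi=80, "a:b" a range
            if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then ok=1; fi
        done
        [ "$ok" -eq 1 ] || echo "$port"
    done
}

# Single-port entries with no listener: openings that can be dropped from the list.
unused_entries() {
    listening=$(printf '%s\n' "$3" | listening_ports "$1")
    printf '%s\n' "$4" | csf_ports "$2" | while read -r entry; do
        case $entry in *:*) continue ;; esac
        printf '%s\n' "$listening" | grep -qx "$entry" || echo "$entry"
    done
}
echo "TCP listening, not in TCP_IN: $(unlisted_ports tcp TCP_IN "$SAMPLE_NETSTAT" "$SAMPLE_CONF")"
echo "TCP_IN entries unused:        $(unused_entries tcp TCP_IN "$SAMPLE_NETSTAT" "$SAMPLE_CONF")"
```

On a real host, pass "$(netstat -lntu)" and "$(cat /etc/csf/csf.conf)" in place of the two sample variables.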


Adventure travel specialist G Adventures have introduced a new Scottish land-based itinerary as an optional addition to three of its Norwegian expedition adventures for 2020. The new three-day itineraries include two days in Edinburgh and one in the Scottish Highlands, offering travellers a taste of Scotland in addition to their Norway Expedition.

The new Scottish itinerary will include a guided walking tour of Edinburgh, taking in the sites of the Scottish Capital, including Edinburgh Castle and the National War Museum and a day trip to the Scottish Highlands. Travellers will explore the old town of Stirling, visit Wallace Monument and learn about the infamous battle of Bannockburn before visiting Deanston Distillery to taste real single malt scotch whiskey.

The three new itineraries for 2020 include:

Explore the Norwegian Fjords and Scottish Highlands: This 16-day adventure offers a taste of real Scotland before heading into the Norwegian Sea to explore the otherworldly fjords of Norway. Taking in UNESCO World Heritage Sites like the Standing Stones of Stenness and the mystical Ring of Brodgar, this expedition travels as far north as Tromsø, known as the “Gateway to the Arctic”. Departures start 2 May 2020. Prices from AU$7,399 per person*.

Cruise the Norwegian Fjords with Scottish Highlands: Setting sail from Tromsø aboard the G Expedition, this 16-day adventure journeys south along the icy cold waters of the Norwegian coastline and fjords. With experts on board, travellers will learn about wildlife and marine conservation along the way before enjoying a warm Scottish welcome and the opportunity to explore Edinburgh and the Highlands. Departures from 17 May 2020. Prices from AU$6,799 per person*.

Norwegian Arctic and Scottish Highlands Encompassed: Scotland’s bustling capital city and stunning highlands kick off this 18-day adventure.
Travellers will find their sea legs cruising along the Norwegian fjords to Tromsø before heading further north to the Arctic regions of Bjørnøya, Hornsund and Svalbard. Wildlife enthusiasts will revel in this Arctic region, which is home to walruses, reindeer, Arctic foxes, whales and the infamous polar bear. Departures from 26 May 2020. Prices from AU$9,399 per person*.

*Prices based on shared cabins and are excluding flights.