CSF Installation

To install csf simply do the following from the root shell via SSH:

wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
cd ..
rm -Rfv cse/ cse.tgz

You will have to edit csf.conf file. It’s located here: /etc/csf/csf.conf

You need to change the Testing mode.

Testing = “0”

And you need to configure open ports in csf.conf or you won’t be able to
access these ports. In most cases it should be configured like this if
you are using cP/WHM. If you are running something on some other port
you will have to enable it here. If you changed SSH port you will have
to add a new port here:

# Allow incoming TCP ports
TCP_IN = “20,21,22,25,53,80,110,143,443,465,587,993,995,207 7,2078,2082,2083,2086,2087,2095,2096″
# Allow outgoing TCP ports
TCP_OUT = “20,21,22,25,37,43,53,80,110,113,443,587,873,2087, 2089,2703″
6.2) CSF Connection Limit
There is in csf.conf CT option, configure it like this
CT_LIMIT = “200” ( It means every IP with more than 200 connections is going to be blocked )
CT_PERMANENT = “1” ( IP will blocked permanenty )
CT_BLOCK_TIME = “1800” ( IP will be blocked 1800 secs(1800 secs = 30 mins )
CT_INTERVAL = “60” ( Set this to the the number of seconds between connection tracking scans )

After editing you need to restart the csf firewall

csf -r

Usage: /usr/sbin/csf [option] [value]

Option Meaning
-h, –help Show this message
-l, –status List/Show iptables configuration
-l6, –status6 List/Show ip6tables configuration
-s, –start Start firewall rules
-f, –stop Flush/Stop firewall rules (Note: lfd may restart csf)
-r, –restart Restart firewall rules
-q, –startq Quick restart (csf restarted by lfd)
-sf, –startf Force CLI restart regardless of LF_QUICKSTART setting
-a, –add ip Allow an IP and add to /etc/csf.allow
-ar, –addrm ip Remove an IP from /etc/csf.allow and delete rule
-d, –deny ip Deny an IP and add to /etc/csf.deny
-dr, –denyrm ip Unblock an IP and remove from /etc/csf.deny
-df, –denyf Remove and unblock all entries in /etc/csf.deny
-g, –grep ip Search the iptables rules for an IP match (incl. CIDR)
-t, –temp Displays the current list of temp IP entries and their TTL
-tr, –temprm ip Remove an IPs from the temp IP ban and allow list
-td, –tempdeny ip ttl [-p port] [-d direction]
Add an IP to the temp IP ban list. ttl is how long to
blocks for (default:seconds, can use one suffix of h/m/d).
Optional port. Optional direction of block can be one of:
in, out or inout (default:in)
-ta, –tempallow ip ttl [-p port] [-d direction]
Add an IP to the temp IP allow list (default:inout)
-tf, –tempf Flush all IPs from the temp IP entries
-cp, –cping PING all members in an lfd Cluster
-cd, –cdeny ip Deny an IP in a Cluster and add to /etc/csf.deny
-ca, –callow ip Allow an IP in a Cluster and add to /etc/csf.allow
-car, –carm ip Remove allowed IP in a Custer and rem from /etc/csf.allow
-cr, –crm ip Unblock an IP in a Cluster and remove from /etc/csf.deny
-cc, –cconfig [name] [value]
Change configuration option [name] to [value] in a Cluster
-cf, –cfile [file] Send [file] in a Cluster to /etc/csf/
-crs, –crestart Cluster restart csf and lfd
-m, –mail [addr] Display Server Check in HTML or email to [addr] if present
-lr, –logrun Initiate Log Scanner report via lfd
-c, –check Check for updates to csf but do not upgrade
-u, –update Check for updates to csf and upgrade if available
-uf Force an update of csf
-x, –disable Disable csf and lfd
-e, –enable Enable csf and lfd if previously disabled
-v, –version Show csf version

These options allow you to easily and quickly control and view csf. All the
configuration files for csf are in /etc/csf and include:

csf.conf – the main configuration file, it has helpful comments explaining
what each option does
csf.allow – a list of IP’s and CIDR addresses that should always be allowed
through the firewall
csf.deny – a list of IP’s and CIDR addresses that should never be allowed
through the firewall
csf.ignore – a list of IP’s and CIDR addresses that lfd should ignore and not
not block if detected
csf.*ignore – various ignore files that list files, users, IP’s that lfd
should ignore. See each file for their specific purpose and
tax
========================================>
Reference : http://configserver.com/free/csf/readme.txt