Configure & Startup¶
After you have installed ConfigServer Firewall in the previous chapter; you can start configuring it to suit your server’s requirements.
Configure¶
The main configuration file for CSF is located at /etc/csf/csf.conf
. You can use your preferred text editor to modify the file, such as nano or vim:
The list below outlines just a few of the important settings that you can modify within ConfigServer Firewall.
Patcher Note
When you run the patcher install.sh
; TESTING MODE will automatically
be disabled after the script has successfully completed.
TESTING
: Set this value to 0 to disable testing mode and activate the firewall.TCP_IN
andTCP_OUT
: These settings define the allowed incoming and outgoing TCP ports, respectively. Add or remove ports as required, separated by commas.UDP_IN
andUDP_OUT
: These settings define the allowed incoming and outgoing UDP ports, respectively. Add or remove ports as required, separated by commas.DENY_IP_LIMIT
: This setting defines the maximum number of IP addresses that can be listed in the /etc/csf/csf.deny file. Adjust this limit as needed.CT_LIMIT
: This setting controls the number of connections from a single IP address that are allowed before the IP is temporarily blocked. Adjust this value according to your server’s requirements.
Make sure to review the configuration file and adjust the settings to suit your server’s needs. After making changes to the configuration file, save and exit the text editor.
Two csf.conf configuration files have been provided as examples; a full version, and clean (uncommented) version, and can be viewed on the csf.conf page.
Start ConfigServer¶
After you have set your config file to its desired values; you can now start up or restart the CSF service to apply the configurations. Open Terminal and run:
Enable¶
Enable csf and lfd if previously disabled
Start¶
Starts the firewall and applies any rules that have been configured at startup.
Restart¶
Restart firewall rules (csf)
A full list of CSF commands have been provided in our Cheatsheet: Commands section.