Install WebUI ¶
ConfigServer Firewall offers a WebUI for the managing firewall from the web interface. This section explains how to install the WebUI.
Step 1: Install Required Perl Modules:¶
The CSF WebUI requires a few Perl modules to be installed on your system. Use the following commands to install the required modules as per your operating system.
Debian based systems:
sudo apt-get install libio-socket-ssl-perl libcrypt-ssleay-perl \
libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl
Redhat based systems:
sudo yum install perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN \
perl-IO-Socket-INET6 perl-Socket6
Step 2: Enable CSF Firewall Web UI:¶
To enable CSF web UI edit /etc/csf/csf.conf file in your favorite text editor and update the following values.
# 1 to enable, 0 to disable web ui
UI = "1"
# Set port for web UI. The default port is 6666, but
# I change this to 1025 to easy access. Default port create some issue
# with popular chrome and firefox browser (in my case)
UI_PORT = "1025"
# Leave blank to bind to all IP addresses on the server
UI_IP = ""
# Set username for authetnication
UI_USER = "admin"
# Set a strong password for authetnication
UI_PASS = "admin"
Change the following values to your own:
UI_PORT
UI_USER
UI_PASS
After making changes, edit /etc/csf/ui/ui.allow
configuration file and add your public IP to allow access to CSF UI. Change YOUR_PUBLIC_IP_ADDRESS
with your public IP address.
Web UI works under lfd daemon. So restart the lfd daemon on your system using the following command.
In order to gain access to the online admin panel; you must ensure lfd and csf are running. You can check by running the command:
You should see the lfd
service running:
● lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/lib/systemd/system/lfd.service; enabled; preset: enabled)
Active: active (running) since Mon 2024-08-05 11:59:38 MST; 1s ago
Process: 46393 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
Main PID: 46407 (lfd - sleeping)
Tasks: 8 (limit: 4613)
Memory: 121.7M
CPU: 2.180s
CGroup: /system.slice/lfd.service
Next, confirm csf
service is also running:
Check the output for errors on service csf
. You should see no errors:
● csf.service - ConfigServer Firewall & Security - csf
Loaded: loaded (/lib/systemd/system/csf.service; enabled; preset: enabled)
Active: active (exited) since Mon 2024-08-05 12:04:09 MST; 1s ago
Process: 46916 ExecStart=/usr/sbin/csf --initup (code=exited, status=0/SUCCESS)
Main PID: 46916 (code=exited, status=0/SUCCESS)
CPU: 12.692s
If you see the following error when running csf status
:
csf[46313]: open3: exec of /sbin/ipset flush failed: No such file or directory at /usr/sbin/csf line 5650.
You must install ipset
:
Step 3: Access and Use Web UI:¶
Now, access CSF UI on your browser with the specified port. For this tutorial; we used 1025 port and accessed the CSF admin panel by opening our browser and going to:
When prompted for the username and password; the default is:
Field | Value |
---|---|
Username | admin |
Password | admin |
After successful login, you will find the screen like below.
Allow IP Address: You can use below option to allow any IP quickly. This action adds the entry to the /etc/csf/csf.allow
file.
Deny IP Address: You can use below option to deny any IP quickly. This action adds the entry to the /etc/csf/csf.deny
file.
Unblock IP Address: You can use below option to quickly unblocked any IP which is already blocked by CSF.