Faruque Ahmed : MCP, MCSA, MCSE, MCTS, MCIT, CCNA, OCA, OCP, GCP
Edit File: /etc/csf/csf.conf
UI = "1"
UI_PORT = "6666"
TCP_IN = add port 6666 at the end
UI_USER = "test2"
UI_PASS = "test2"
** Don't forget to set a strong login; after all, this is your server firewall!
To access it, use your SSL hostname or IP, for example:
https://IPaddress:6666
----------------------
CSF has an integrated web UI that can be used for configuration. Enable the UI in the /etc/csf/csf.conf file.
UI = "1"
You can also set custom values for:
# Set this to the port that you want to bind this service to
UI_PORT = "6666"
# Leave blank to bind to all IP addresses on the server
UI_IP = ""
UI_USER = "admin"
UI_PASS = "StrongAdminPassword"
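Then add your IP address to the whitelist. The redirection in "sudo echo ... >> file" is performed by your own shell rather than by sudo, so pipe through sudo tee -a to append as root.
$ echo "YOUR_IP_ADDRESS" | sudo tee -a /etc/csf/ui/ui.allow
Start or restart the lfd service: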
$ sudo systemctl enable --now lfd
$ systemctl status lfd
● lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2019-03-17 20:05:10 EAT; 33s ago
Process: 21213 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
Main PID: 21226 (lfd - sleeping)
Tasks: 1 (limit: 11510)
Memory: 392.1M
CGroup: /system.slice/lfd.service
└─21226 lfd - sleeping >
Mar 17 20:05:10 rhel8.local systemd[1]: Starting ConfigServer Firewall & Security - lfd…
Mar 17 20:05:10 rhel8.local systemd[1]: Started ConfigServer Firewall & Security - lfd.
Access the CSF web UI on the configured port.
=============
Written by Rahul K.
ConfigServer Security & Firewall (CSF) is an iptables-based firewall for Linux systems. Our previous tutorial covers installing CSF on a Linux system. CSF also provides a built-in web UI for managing the firewall from a web interface. In this tutorial, you will learn how to enable the CSF Firewall web UI on your system.
Read this: How to Install CSF Firewall on Linux
The CSF UI requires some Perl modules to be installed on your system. Use the following commands to install the required modules for your operating system.
Debian based systems:
$ sudo apt-get install libio-socket-ssl-perl libcrypt-ssleay-perl \
    libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl
Redhat based systems:
$ sudo yum install perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN \
    perl-IO-Socket-INET6 perl-Socket6
To enable the CSF web UI, edit the /etc/csf/csf.conf file in your favorite text editor and update the following values.
$ sudo vim /etc/csf/csf.conf
# 1 to enable, 0 to disable web ui
UI = "1"
# Set port for web UI. The default port is 6666, but
# I changed this to 1025 for easy access. The default port causes some issues
# with the popular Chrome and Firefox browsers (in my case)
UI_PORT = "1025"
# Leave blank to bind to all IP addresses on the server
UI_IP = ""
# Set username for authentication
UI_USER = "admin"
# Set a strong password for authentication (replace this example value)
UI_PASS = "admin"
After making changes, edit the /etc/csf/ui/ui.allow configuration file and add your public IP to allow access to the CSF UI. Replace YOUR_PUBLIC_IP_ADDRESS with your public IP address. The append is piped through sudo tee -a because a ">>" redirection after sudo echo is performed by your own unprivileged shell.
$ echo "YOUR_PUBLIC_IP_ADDRESS" | sudo tee -a /etc/csf/ui/ui.allow
The web UI runs under the lfd daemon, so restart the lfd daemon on your system using the following command.
$ sudo service lfd restart
Now, access the CSF UI in your browser on the specified port. For this tutorial, I have used port 1025. This will prompt for user authentication first. After a successful login, you will see a screen like the one below.
Allow IP Address – You can use the option below to allow any IP quickly. This adds the entry to the /etc/csf/csf.allow file.
Deny IP Address – You can use the option below to deny any IP quickly. This adds the entry to the /etc/csf/csf.deny file.
Unblock IP Address – You can use the option below to quickly unblock any IP that is already blocked by CSF.
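A pre-flight check for the settings edited above, as an added example that is not part of the original tutorials or of CSF itself: it reads UI, UI_USER, UI_PASS and UI_IP from csf.conf and the entries in ui.allow, and reports weak credentials or an empty allow list before lfd is restarted. The function names, the 12-character minimum (MIN_LEN) and the sample file are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the CSF web UI settings before (re)starting lfd.

# Print the quoted value of KEY from a csf.conf-style file (KEY = "value").
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Usage: audit_csf_ui CSF_CONF UI_ALLOW
# Prints one line per finding; returns 1 if a WEAK or OPEN finding was printed.
audit_csf_ui() {
    local conf="$1" allow="$2" rc=0 user pass
    if [ "$(conf_get UI "$conf")" != "1" ]; then
        echo "INFO: UI is disabled"
        return 0
    fi
    user=$(conf_get UI_USER "$conf")
    pass=$(conf_get UI_PASS "$conf")
    # MIN_LEN is an assumed local policy, not a CSF requirement.
    if [ "${#pass}" -lt "${MIN_LEN:-12}" ]; then
        echo "WEAK: UI_PASS is shorter than ${MIN_LEN:-12} characters"; rc=1
    fi
    if [ "$pass" = "$user" ]; then
        echo "WEAK: UI_PASS is identical to UI_USER"; rc=1
    fi
    if [ -z "$(conf_get UI_IP "$conf")" ]; then
        echo "NOTE: UI_IP is blank, so the UI binds to all addresses"
    fi
    # ui.allow must hold at least one line that is not blank or a comment.
    if ! grep -Eqv '^[[:space:]]*(#|$)' "$allow" 2>/dev/null; then
        echo "OPEN: no addresses listed in $allow"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the credentials from the first snippet on this page.
demo() {
    local d
    d=$(mktemp -d)
    printf '%s\n' 'UI = "1"' 'UI_PORT = "6666"' 'UI_IP = ""' \
        'UI_USER = "test2"' 'UI_PASS = "test2"' > "$d/csf.conf"
    : > "$d/ui.allow"
    audit_csf_ui "$d/csf.conf" "$d/ui.allow" || true
    rm -rf "$d"
}

if [ "$#" -eq 2 ]; then audit_csf_ui "$1" "$2"; else demo; fi
```

Run it as root against the live files with the two paths as arguments, for example /etc/csf/csf.conf and /etc/csf/ui/ui.allow; with no arguments it audits the constructed sample.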