UI-CFS
Enable CSF UI
Edit File: /etc/csf/csf.conf
UI = "1"
UI_PORT = "6666"
TCP_IN = add port 6666 at the end
UI_USER = "test2"
UI_PASS = "test2"
** Dont forget to set the strong login, after-all this is your server firewall!!!
to access it you can use your SSL hostname or IP, example
https://IPaddress:6666
----------------------
Access CSF Web UI
CSF has integrated Web UI which can be used for configuration. Enable the UI on /etc/csf/csf.conf file.
UI = "1"
You can also set custom values for:
# Set this to the port that want to bind this service to
UI_PORT = "6666"
# Leave blank to bind to all IP addresses on the server
UI_IP = ""
UI_USER = "admin"
UI_PASS = "StrongAdminPassword"
Then add IP addresses to whitelist.
sudo echo "YOUR_IP_ADDRESS" >> /etc/csf/ui/ui.allow
Start or restart lfd service
$ sudo systemctl enable --now lfd
$ systemctl status lfd
● lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2019-03-17 20:05:10 EAT; 33s ago
Process: 21213 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
Main PID: 21226 (lfd - sleeping)
Tasks: 1 (limit: 11510)
Memory: 392.1M
CGroup: /system.slice/lfd.service
└─21226 lfd - sleeping >
Mar 17 20:05:10 rhel8.local systemd[1]: Starting ConfigServer Firewall & Security - lfd…
Mar 17 20:05:10 rhel8.local systemd[1]: Started ConfigServer Firewall & Security - lfd.
Access CSF firewall on configured Port.
=============
How to Enable CSF Firewall Web UI
Written by Rahul K.
ConfigServer Security & Firewall (CSS) is an iptables based firewall for Linux systems. In our previous tutorial read installation tutorial of CSF on Linux system. CSF also provides in-built web UI for the managing firewall from the web interface. In this tutorial, you will find how to enable CSF Firewall Web UI on your system.
Read this: How to Install CSF Firewall on Linux
Step 1 – Install Required Perl Modules:
CSF UI required some of Perl modules to be installed on your system. Use the following commands to install required modules as per your operating system.
Debian based systems:
$ sudo apt-get install libio-socket-ssl-perl libcrypt-ssleay-perl \ libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl
Redhat based systems:
$ sudo yum install perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN \ perl-IO-Socket-INET6 perl-Socket6
Step 2 – Enable CSF Firewall Web UI:
To enable CSF web UI edit /etc/csf/csf.conf file in your favorite text editor and update the following values.
$ sudo vim /etc/csf/csf.conf
# 1 to enable, 0 to disable web ui UI = "1" # Set port for web UI. The default port is 6666, but # I change this to 1025 to easy access. Default port create some issue # with popular chrome and firefox browser (in my case) UI_PORT = "1025" # Leave blank to bind to all IP addresses on the server UI_IP = "" # Set username for authetnication UI_USER = "admin" # Set a strong password for authetnication UI_PASS = "admin"
After making changes, edit /etc/csf/ui/ui.allow configuration file and add your public IP to allow access to CSF UI. Change OUR_PUBLIC_IP_ADDRESS with your public IP address.
$ sudo echo "YOUR_PUBLIC_IP_ADDRESS" >> /etc/csf/ui/ui.allow
Web UI works under lfd daemon. So restart the lfd daemon on your system using the following command.
$ sudo service lfd restart
Step 3 – Access and Use Web UI:
Now, access CSF UI on your browser with the specified port. For this tutorial, I have used 1025 port. This will prompt for user authentication first. After successful login, you will find the screen like below.
Allow IP Address – You can use below option to allow any IP quickly. This add the entry in /etc/csf/csf.allow file.
Deny IP Address – You can use below option to deny any IP quickly. This add the entry in /etc/csf/csf.deny file.
Unblock IP Address – You can use below option to quickly unblocked any IP which is already blocked by CSF.