Installation of CSF Firewall in Debian system 11
The following tutorial describes how to install the CSF firewall on a Debian system 11
We will do everything in the console by executing a few simple commands.
We start the terminal and update the system packages:
1 | sudo apt update |
We install the necessary packages:
1 | sudo apt install libio-socket-inet6-perl libsocket6-perl -y |
1 | sudo apt install sendmail dnsutils unzip libio-socket-ssl-perl -y |
1 | sudo apt install libcrypt-ssleay-perl git perl iptables libnet-libidn-perl -y |
Pobieramy CSF
1 | wget http://download.configserver.com/csf.tgz |
unpack
1 | sudo tar -xvzf csf.tgz |
We install in the system:
1 | cd csf && sh install.sh |
The next step is to run it in the system:
1 | sudo systemctl start csf |
The next step is to update the perl rules:
1 | perl /usr/local/csf/bin/csftest.pl |
We add csf to the system autostart:
1 | sudo systemctl enable csf |
We go to the initial configuration.
edit file:
At section
# Allow incoming TCP ports
And
# Allow outgoing TCP ports
We set the ports we want to have unlocked, for example:
If we want to block an ip address, we add it to the file:
1 | sudo nano /etc/csf/csf.deny |
After making the changes, reload the firewall with the command:
1 | sudo csf -r |