Installing ConfigServer Security & Firewall (csf): Difference between revisions

From TeamSpeak Wiki
(Created page with "**Install and Configure a More Advanced Firewall** CSF is a script that vastly extends the capability of iptables on your server, including packet inspection and the ability...")
 
No edit summary
Line 1: Line 1:
**Install and Configure a More Advanced Firewall**
CSF is a script that vastly extends the capability of iptables on your server, including packet inspection and the ability to automatically IP ban anyone who is brute forcing things such as SSH logins. To quickly install the firewall run the following commands:
CSF is a script that vastly extends the capability of iptables on your server, including packet inspection and the ability to automatically IP ban anyone who is brute forcing things such as SSH logins. To quickly install the firewall run the following commands:
     cd /usr/src
     cd /usr/src
     rm -fv csf.tgz
     rm -fv csf.tgz
Line 9: Line 6:
     cd csf
     cd csf
     sh install.sh
     sh install.sh
At this point CSF will be in "Testing" mode and will not be running any additional protection, open up /etc/csf/csf.conf and change the following lines:
At this point CSF will be in "Testing" mode and will not be running any additional protection, open up /etc/csf/csf.conf and change the following lines:
     TESTING = "0"
     TESTING = "0"
     TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,10011,30033,41144"
     TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,10011,30033,41144"
     UDP_IN = "20,21,53,9987"
     UDP_IN = "20,21,53,9987"
     UDP_OUT = "20,21,53,113,123,873,2011:2110,6277,24441"
     UDP_OUT = "20,21,53,113,123,873,2011:2110,6277,24441"
If you are utilising IPv6 you will also need to modify TCP6_IN, UDP6_IN and UDP6_OUT.
If you are utilising IPv6 you will also need to modify TCP6_IN, UDP6_IN and UDP6_OUT.
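Review bot: the TCP_IN line in this hunk allows inbound FTP, mail and a long run of 20xx ports alongside the TeamSpeak ports at the end of the list (10011, 30033, 41144), and the text gives no guidance on trimming it. Suggest telling readers to keep only the ports for services the server actually runs, plus 22 for SSH, and to apply the same trimming to UDP_IN and to the IPv6 lists mentioned in the last line.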



Revision as of 05:15, 6 January 2021

CSF is a script that vastly extends the capability of iptables on your server, including packet inspection and the ability to automatically ban IP addresses that are brute forcing things such as SSH logins. To quickly install the firewall, run the following commands:

   cd /usr/src
   rm -fv csf.tgz
   wget https://download.configserver.com/csf.tgz
   tar -xzf csf.tgz
   cd csf
   sh install.sh

At this point CSF will be in "Testing" mode and will not be running any additional protection. Open /etc/csf/csf.conf and change the following lines:

   TESTING = "0"
   TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,10011,30033,41144"
   UDP_IN = "20,21,53,9987"
   UDP_OUT = "20,21,53,113,123,873,2011:2110,6277,24441"

If you are utilising IPv6 you will also need to modify TCP6_IN, UDP6_IN and UDP6_OUT.

After changing these lines, execute "csf -r" in your shell; the firewall will then be active and will have the needed TeamSpeak 3 ports open.
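A check that can be run on the edited file before "csf -r" (an added example, not part of the original page or of CSF). It confirms that TESTING is "0" and that the TeamSpeak 3 default ports from the lines above are allowed, including when a list uses a LOW:HIGH range. The function names are hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example: check a csf.conf for the settings this page changes.
# Function names are hypothetical; they are not part of CSF.

# Print the quoted value of KEY from a csf.conf-style file (KEY = "value").
csf_value() {  # usage: csf_value KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if PORT is covered by the list in KEY; entries are "N" or "LOW:HIGH".
csf_port_allowed() {  # usage: csf_port_allowed KEY PORT FILE
    list=$(csf_value "$1" "$3")
    old_ifs=$IFS; IFS=,
    for entry in $list; do
        IFS=$old_ifs
        case $entry in
            *:*) if [ "$2" -ge "${entry%%:*}" ] && [ "$2" -le "${entry##*:}" ]; then return 0; fi ;;
            *)   if [ "$entry" = "$2" ]; then return 0; fi ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Report problems with the settings from this page; return non-zero if any.
csf_check() {  # usage: csf_check FILE
    rc=0
    if [ "$(csf_value TESTING "$1")" != "0" ]; then
        echo "TESTING is not \"0\": csf is still in testing mode"; rc=1
    fi
    # TeamSpeak 3 default ports, as they appear in the page's TCP_IN/UDP_IN lines.
    for spec in TCP_IN:10011 TCP_IN:30033 TCP_IN:41144 UDP_IN:9987; do
        if ! csf_port_allowed "${spec%%:*}" "${spec##*:}" "$1"; then
            echo "${spec%%:*} does not allow port ${spec##*:}"; rc=1
        fi
    done
    return $rc
}

# Constructed sample (not a real server's config): UDP_IN lacks 9987.
sample=$(mktemp)
printf '%s\n' 'TESTING = "0"' 'TCP_IN = "22,10011,30033,41144"' \
    'UDP_IN = "20,21,53"' 'UDP_OUT = "53,2011:2110"' > "$sample"
csf_check "$sample" || echo "fix the lines above, then run csf -r"
```

On a real server, call `csf_check /etc/csf/csf.conf` instead of using the sample file.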

If you want to receive notifications when an IP is blocked, edit the file /root/.forward and enter an email address to send notifications to. Bear in mind this will need a mail server such as sendmail, postfix or exim.