Installing ConfigServer Security & Firewall (csf)

From TeamSpeak Wiki
Revision as of 12:53, 6 January 2021 by Admin (talk | contribs)

Basic CSF install

CSF is a script that vastly extends the capability of iptables on your server, including packet inspection and the ability to automatically ban the IP of anyone brute-forcing services such as SSH logins. To install the firewall quickly, run the following commands:

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

At this point CSF will be in "Testing" mode and will not be providing any additional protection. Open /etc/csf/csf.conf and change the following lines:

TESTING = "0"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,10011,30033,41144"
UDP_IN = "20,21,53,9987"
UDP_OUT = "20,21,53,113,123,873,2011:2110,6277,24441"

If you are utilising IPv6 you will also need to modify TCP6_IN, UDP6_IN and UDP6_OUT.

After changing these lines, execute "csf -r" in your shell; the firewall will then be active with the needed TeamSpeak 3 ports open.

If you want to receive notifications when an IP is blocked, edit the file /root/.forward and enter the email address the notifications should be sent to. Bear in mind that this requires a mail server such as sendmail, postfix or exim.

CONNLIMIT

THIS DOES NOT WORK WITH OPENVZ SERVERS

CONNLIMIT (Connection Limiting) can help with certain types of attacks against your server, specifically when the attacker keeps using the same IP to attack you.

A reasonable base configuration for this would be something like:

CONNLIMIT = "30033;50,10011;50,9987;50"

This will limit a single IP to 50 connections to each of the listed ports, which should limit the amount of damage that can be done. Ideally you should lower these numbers until you see a problem and then increase the number by 2.

PORTFLOOD

THIS DOES NOT WORK WITH OPENVZ SERVERS

Portflood protection limits the ability of people to attack your server by sending a lot of data quickly from multiple IPs. This limit needs to be set high enough to tolerate a sudden spike in traffic, such as the server restarting or a network outage causing everyone to disconnect and reconnect at once.

A safe default would look something like:

PORTFLOOD = "80;tcp;20;10,10011;tcp;50;10,30033;tcp;50;10"

This will limit traffic to 50 connections per 10 seconds to the server, which should limit the amount of damage that can be done. Ideally you should lower these numbers until you see a problem and then increase the number by 10.

SYNFLOOD

This option is only effective at preventing SYN attacks against the file transfer and Server Query ports; it has no effect on normal voice traffic to port 9987. It can also significantly slow down connections to your server's TCP ports, so you may wish to enable it only when you are certain users are attacking File Transfer and/or Server Query.

A reasonable default would be:

SYNFLOOD = "1"
SYNFLOOD_RATE = "200/s"
SYNFLOOD_BURST = "150"
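The csf.conf edits from the basic install section and the CONNLIMIT/PORTFLOOD sections, applied by a small POSIX shell script; this is an added example, not part of this wiki page or of CSF itself. The conf file it edits is a constructed sample, and csf_set, csf_get and csf_unlisted_ports are helper names chosen here. It also goes one step beyond the page by checking that every port named in CONNLIMIT or PORTFLOOD is actually opened in TCP_IN or UDP_IN, since a limit rule on a closed port protects nothing.

```shell
#!/bin/sh
# Added example (not from the TeamSpeak wiki or the CSF project): helpers that
# rewrite `KEY = "value"` lines in a csf.conf (the format shown on this page),
# read them back, and flag CONNLIMIT/PORTFLOOD ports that are not opened in
# TCP_IN/UDP_IN. Single ports only; ranges such as 2011:2110 are not expanded.
set -eu

# csf_set KEY VALUE CONF: replace the existing KEY line in place. Fails if the
# key is absent, so a typo cannot silently append a setting CSF never reads.
csf_set() {
  key=$1; value=$2; conf=$3
  grep -q "^${key} = " "$conf" || { echo "csf_set: no ${key} in ${conf}" >&2; return 1; }
  sed "s|^${key} = \".*\"|${key} = \"${value}\"|" "$conf" > "${conf}.tmp" && mv "${conf}.tmp" "$conf"
}

# csf_get KEY CONF: print the quoted value of KEY (empty if the key is unset).
csf_get() {
  sed -n "s|^$1 = \"\(.*\)\"|\1|p" "$2"
}

# csf_unlisted_ports CONF: print every port named in CONNLIMIT or PORTFLOOD
# (first field of each ';'-separated entry) that is in neither TCP_IN nor
# UDP_IN; returns 1 if any were printed, 0 if all limited ports are open.
csf_unlisted_ports() {
  conf=$1; rc=0
  open="$(csf_get TCP_IN "$conf"),$(csf_get UDP_IN "$conf")"
  for p in $( { csf_get CONNLIMIT "$conf"; csf_get PORTFLOOD "$conf"; } | tr ',' '\n' | cut -d';' -f1 ); do
    case ",$open," in *",$p,"*) ;; *) echo "$p"; rc=1 ;; esac
  done
  return $rc
}

# Constructed sample: a fresh install still in "Testing" mode, then the
# settings from this page are applied and cross-checked.
csf_demo() {
  conf=${TMPDIR:-/tmp}/csf_example_$$.conf
  printf 'TESTING = "1"\nTCP_IN = "22,80"\nUDP_IN = "53"\nCONNLIMIT = ""\nPORTFLOOD = ""\n' > "$conf"
  csf_set TESTING "0" "$conf"
  csf_set TCP_IN "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,10011,30033,41144" "$conf"
  csf_set UDP_IN "20,21,53,9987" "$conf"
  csf_set CONNLIMIT "30033;50,10011;50,9987;50" "$conf"
  csf_set PORTFLOOD "80;tcp;20;10,10011;tcp;50;10,30033;tcp;50;10" "$conf"
  if csf_unlisted_ports "$conf"; then echo "ok: every limited port is open; now run: csf -r"; fi
  rm -f "$conf"
}

csf_demo
```

On a real server point the helpers at /etc/csf/csf.conf and run "csf -r" afterwards; the script deliberately never invokes csf itself.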