Find out how you can install CSF Firewall on AlmaLinux 8 to protect your VPS cloud server! CSF Firewall is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application that is very popular among Linux servers. Furthermore, it is absolutely free to us!
CSF Firewall vs firewalld
firewalld is pre-installed in most Linux distributions, such as the AlmaLinux 8. In addition to the basic filtering network packets, CSF Firewall includes other security features. For instance, its login intrusion and flood detections. Hence CSF is able to recognize many attacks, such as port scans, SYN floods, and login brute force attacks on many services. Therefore upon detecting suspicious activities, CSF will temporarily place the attacker on a block list. Last but not least, CSF Firewall is also very popular among cPanel, DirectAdmin and Webmin control panel users, for its UI integration, something the firewalld does not offer.
Summary
- Create a Scalable VPS with AlmaLinux 8
- Connect to your VPS Cloud Server via SSH
- Install CSF Firewall
- Disable firewalld and any other iptables firewall
- Start using CSF Firewall
Install CSF Firewall
- Begin first by installing the prerequisites using the following command:
dnf install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph wget tar perl-Math-BigInt
- Next, execute the following commands to download, extract and install CSF Firewall:
cd /usr/src wget https://download.configserver.com/csf.tgz tar -xzf csf.tgz cd csf sh install.sh
- Finally, you can now run this command to check if your cloud server has the required iptable modules:
perl /usr/local/csf/bin/csftest.pl
Now, you should expect to see the following output, confirming everything is well:
Testing ip_tables/iptable_filter…OK
Testing ipt_LOG…OK
Testing ipt_multiport/xt_multiport…OK
Testing ipt_REJECT…OK
Testing ipt_state/xt_state…OK
Testing ipt_limit/xt_limit…OK
Testing ipt_recent…OK
Testing xt_connlimit…OK
Testing ipt_owner/xt_owner…OK
Testing iptable_nat/ipt_REDIRECT…OK
Testing iptable_nat/ipt_DNAT…OKRESULT: csf should function on this server
Disable firewalld and any other iptables firewall
- Run the following commands to disable firewalld
systemctl stop firewalld systemctl disable firewalld
- Note that if you have already installed any other iptables firewall script, such as the APF, do remove or disable it too.
Start using CSF Firewall
- Let us being by running the following command to turn off testing mode:
sed 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf
- You can now restart CSF Firewall using the following command, and you’re done!
csf -r
Conclusions
This article shows you how to install CSF Firewall on AlmaLinux 8, one of the basic and free ways to secure your cloud VPS server. In summary, by following these simple steps, you can enhance the protection of your VPS cloud server or dedicated server, for free! Finally, be sure to check out CSF Firewall’s readme file to learn how to use the firewall to protect yourself effectively.