
Ubuntu with CSF Firewall

Step 1 – Install CSF

CSF is not available in the standard Ubuntu repositories, so you will need to download it from the official CSF website.


Once downloaded, extract the downloaded file with the following command:

tar -xvzf csf.tgz

Disable UFW, since CSF manages the iptables rules itself:

ufw disable

Next, change into the extracted directory and install CSF by running the install script:

cd csf

Once the installation has been completed successfully, you should get the following output:

Installation Completed

Next, verify that all required iptables modules are installed with the following command:

perl /usr/local/csf/bin/

If everything is fine, you should get the following output:

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

Step 2 – Configure CSF

Next, you will need to configure CSF as per your security standard. You can configure it by editing the file /etc/csf/csf.conf:

nano /etc/csf/csf.conf

Change the following lines per your requirements, keeping only the ports for services this server actually runs:

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"

# Allow incoming UDP ports
UDP_IN = "20,21,53,80,443"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123"

# Allow incoming PING. Disabling PING will likely break external uptime
# monitoring
ICMP_IN = "1"

Save and close the file, then restart CSF with the following command:

csf -r

Enable CSF to start at boot:

systemctl enable csf
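
One way to review the port lists from Step 2 before restarting CSF: the script below is an added example, not part of CSF or of the original page. It prints the entries of a setting such as TCP_IN that cover none of the ports you need. The function names, the sample file and the needed-ports list (22, 80, 443) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of CSF): list the entries of a csf.conf port
# setting that cover none of the ports this server actually needs.

# Print the entries of KEY (e.g. TCP_IN), one port or range per line.
csf_ports() {  # usage: csf_ports FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" |
        tr ',' '\n' | sed '/^$/d'
}

# Succeed if PORT is covered by ENTRY: a single port or a low:high range
# (the form csf.conf uses, e.g. 33434:33523).
port_in_entry() {  # usage: port_in_entry PORT ENTRY
    case "$2" in
        *:*) [ "$1" -ge "${2%%:*}" ] && [ "$1" -le "${2##*:}" ] ;;
        *)   [ "$1" -eq "$2" ] ;;
    esac
}

# Print every entry of KEY that covers none of the needed ports.
unneeded_ports() {  # usage: unneeded_ports FILE KEY "needed ports"
    for entry in $(csf_ports "$1" "$2"); do
        keep=no
        for port in $3; do
            if port_in_entry "$port" "$entry"; then keep=yes; fi
        done
        [ "$keep" = yes ] || printf '%s\n' "$entry"
    done
}

# Constructed sample file: the TCP_IN line from this page, plus a UDP_OUT
# line with the traceroute range added to show range handling.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
UDP_OUT = "20,21,53,113,123,33434:33523"
EOF

# Assumption: this server only offers SSH, HTTP and HTTPS.
unneeded_ports "$sample" TCP_IN "22 80 443"
```

On a real server, pass /etc/csf/csf.conf as the file and build the needed-ports list from the services the server runs.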