ConfigServer Security & Firewall (CSF) is a stateful packet inspection firewall (SPI), login/intrusion detection, and security application for Linux servers. It is a very popular security suite, but isn’t officially supported yet on CentOS 7.
CentOS 7 uses firewalld rather than iptables. A quick internet search will show that many faithful CentOS users find firewalld far too complicated for their needs and are reverting back to iptables. Iptables was the standard firewall for CentOS 5 and 6.
This guide shows you how to disable firewalld, install IP tables, CSF dependencies, and CSF.
Install CSF
Stop and disable firewalld.
systemctl disable firewalld
systemctl stop firewalld
Install iptables.
yum -y install iptables-services
Create files needed by iptables.
touch /etc/sysconfig/iptables
touch /etc/sysconfig/iptables6
Start iptables.
systemctl start iptables
systemctl start ip6tables
Enable iptables at boot.
systemctl enable iptables
systemctl enable ip6tables
Install the CSF dependencies.
yum -y install wget perl unzip net-tools perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph -y
Download and launch the CSF installer.
cd /opt
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Remove the installation files.
rm -rf /opt/csf
rm /opt/csf.tgz
(Optional) Webmin integration
If you use Webmin, then you can install the CSF Webmin module.
Login to Webmin and navigate to the following page.
Webmin > Webmin Configuration > Webmin Modules >
Click “From local file” and insert the following.
/usr/local/csf/csfwebmin.tgz >
Install the module.