How To Install CSF Firewall on Debian 12
In this tutorial, we will show you how to install CSF Firewall on Debian 12. Firewalls are the first line of defense in network security. They control incoming and outgoing network traffic based on predetermined security rules. Among the various firewall solutions for Linux systems, CSF (Config Server Firewall) stands out for its ease of use and rich feature set. CSF is a popular Stateful Packet Inspection (SPI) firewall that leverages iptables, providing an intuitive way to secure your Debian 12 servers.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Percona Server on a Debian 12 (Bookworm).
Prerequisites
- A server running one of the following operating systems: Debian 12 (Bookworm).
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for CSF Firewall.
- A user account with sudo privileges to execute administrative commands.
Install CSF Firewall on Debian 12 Bookworm
Step 1. Begin by updating your system’s package repository to ensure all your software is up to date. This can be done by executing the following command:
sudo apt update sudo apt upgrade
If UFW is installed and running on your system, it‘s essential to disable it to prevent any interference with CSF:
sudo ufw disable
Step 2. Installing Required Dependencies.
Now we install the necessary dependencies including iptables, perl, and other required Perl modules to ensure CSF can run without issues.
sudo apt install iptables perl libwww-perl liblwp-protocol-https-perl
Step 3. Installing CSF (Config Server Firewall) on Debian 12.
With the prerequisites in place, the next step is to download the CSF package. The package can be obtained directly from the official ConfigServer website using the wget command. Once downloaded, you’ll need to extract the contents of the tarball for installation:
cd /usr/src sudo wget https://download.configserver.com/csf.tgz sudo tar -xvzf csf.tgz
Navigate to the CSF directory and execute the installer script:
cd csf sudo sh install.sh
Before proceeding with the configuration, it’s wise to test the CSF installation to ensure that all necessary iptables modules are available and functioning correctly. CSF provides a script named csftest.pl for this purpose:
sudo perl /usr/local/csf/bin/csftest.pl
This script will check for the presence of required modules and report any issues. A successful test indicates that CSF is ready for configuration.
Step 4. Configuring CSF.
Configuration of CSF is handled through the csf.conf file located in /etc/csf/csf.conf. Initially, CSF is in “testing” mode, which means it won’t actively block traffic. To enable CSF, you’ll need to edit this file and set TESTING to “0”:
sudo nano /etc/csf/csf.conf
Find the line containing TESTING = "1" and change it to TESTING = "0". Additionally, you can adjust other settings within this file to tailor CSF to your environment‘s specific needs. After making changes, apply them by restarting CSF:
csf -r
Step 5. Testing and Verification.
Ensure your firewall rules are working as expected. Verify that CSF and LFD services are active and running without errors. Check logs for any issues:
sudo systemctl status csf lfd
Step 5. Managing CSF via CLI.
CSF offers a variety of commands for managing the firewall directly from the CLI. These commands allow you to start, enable, stop, and restart the CSF service, as well as manage firewall rules. Some basic commands include:
sudo csf -s: Start the firewall rules.sudo csf -f: Flush/stop firewall rules.sudo csf -r: Restart the firewall rules.
Step 6. Enabling CSF Web UI.
To enable the CSF (Config Server Firewall) Web UI on Debian 12, you need to follow a series of steps that involve editing configuration files and restarting services. The Web UI allows for easier management of the firewall through a web browser interface.
You need to edit the CSF configuration file to enable the Web UI feature:
sudo nano /etc/csf/csf.conf
In the configuration file, find and change the following settings to enable the Web UI and set your desired port, IP address, username, and password:
UI = "1" UI_PORT = "<desired_port>" UI_IP = "<your_server_ip>" UI_USER = "<desired_username>" UI_PASS = "<strong_password>"
Replace <desired_port>, <your_server_ip>, <desired_username>, and <strong_password> with your actual port number, server IP, username, and a strong password.
After making the changes, restart the CSF and LFD (Login Failure Daemon) services to apply the new configuration:
sudo csf -ra
Step 7. Access the CSF Web UI.
Open your web browser and navigate to your server’s IP address followed by the CSF Web UI port you set earlier (e.g., https://<server-ip>:<CSF-UI-port>). You should be prompted with a login page where you can enter the username and password you set in the configuration file
Congratulations! You have successfully installed the CSF Firewall. Thanks for using this tutorial to install the latest version of the CSF (Config Server Firewall) on Debian 12 Bookworm. For additional help or useful information, we recommend you check the official CSF Firewall website.
