In this tutorial, we will show you how to install CSF Firewall on Ubuntu 22.04 LTS. For those of you who didn’t know, ConfigServer Security & Firewall (CSF) is an open-source software firewall application. It is working based on iptables. Firewall configuration script is created to provide better security for your server while giving you an easy-to-use, advanced interface for managing your firewall settings. CSF configures your server’s firewall to lock down public access to services and only allow certain connections.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘
sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the CSF Firewall on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.
- A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
non-root sudo useror access to the
root user. We recommend acting as a
non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install CSF Firewall on Ubuntu 22.04 LTS Jammy Jellyfish
Step 1. First, make sure that all your system packages are up-to-date by running the following
apt commands in the terminal.
sudo apt update sudo apt upgrade sudo apt installperl zip unzip libwww-perl liblwp-protocol-https-perlsendmail-bin
Step 2. Installing CSF Firewall on Ubuntu 22.04.
By default, the CSF Firewall is not available on Ubuntu 22.04 base repository. Now run the following command below to download the latest version of CSF to your Ubuntu system:
cd /usr/src sudo wget http://download.configserver.com/csf.tgz
Next, extract your downloaded file:
sudo tar -xvzf csf.tgz
Now install CSF using the following command:
cd csf sh install.sh
Verify if the required iptables modules are present:
sudo perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK Testing ipt_LOG...OK Testing ipt_multiport/xt_multiport...OK Testing ipt_REJECT...OK Testing ipt_state/xt_state...OK Testing ipt_limit/xt_limit...OK Testing ipt_recent...OK Testing xt_connlimit...OK Testing ipt_owner/xt_owner...OK Testing iptable_nat/ipt_REDIRECT...OK Testing iptable_nat/ipt_DNAT...OK RESULT: csf should function on this server
Confirm the installation and check the installed build version of CSF Firewall:
Configure CSF Firewall Ubuntu 22.04
Step 3. Configure CSF Firewall.
Open the CSF configuration file with your favorite text editor, here we use nano text editor:
sudo nano /etc/csf/csf.conf
Find the line below and change its value to “
0” as shown below:
TESTING = "0"
Save and close the file, then reload the CSF firewall with the following command:
Additional configuration to allow additional port connections:
sudo nano /etc/csf/csf.conf
TCP_IN directive and add your ports:
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995,3306"
Step 4. Essential Commands to Manage CSF.
You can start the CSF service on your server by:
To stop the CSF service on Ubuntu 22.04, use the command below:
And to restart the CSF, you can use the command below:
Step 4. Accessing the CSF Web Interface.
CSF provides a web-based interface to manage the firewall from a web browser. First, edit the CSF main configuration file with the following command:
Add the following lines:
#Enable Web UI UI = "1" #Listening Port UI_PORT = "8080" #Admin username UI_USER = "admin" #Admin user password UI_PASS = "your-strong-password" #Listening Interface UI_IP = ""
Save and close the file when you are finished. Then, you will need to edit the
/etc/csf/ui/ui.allow file and add your server IP address and remote machine IP from where you want to access the CSF web UI.
Add your server IP and remote machine IP:
Save and close the file, then restart the CSF and LFD service to apply the changes:
csf -r service lfd restart
Once successfully set up, open your web browser and type the URL
http://your-IP-address:8080. You will be redirected to the phpMyAdmin login page:
Congratulations! You have successfully installed CSF. Thanks for using this tutorial for installing the CSF Firewall on Ubuntu 22.04 LTS Jammy Jellyfish system. For additional help or useful information, we recommend you check the official CSF website.