How To Install CSF Firewall on Ubuntu 22.04 LTS

Install CSF Firewall on Ubuntu 22.04

In this tutorial, we will show you how to install CSF Firewall on Ubuntu 22.04 LTS. For those of you who didn’t know, ConfigServer Security & Firewall (csf) is an open source software firewall application. It is working based on iptables. Firewall configuration script created to provide better security for your server while giving you an easy to use, advanced interface for managing your firewall settings. CSF configures your server’s firewall to lock down public access to services and only allow certain connections.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the CSF Firewall on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

Prerequisites

  • A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo useror access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install CSF Firewall on Ubuntu 22.04 LTS Jammy Jellyfish

Step 1. First, make sure that all your system packages are up-to-date by running the following apt commands in the terminal.

sudo apt update
sudo apt upgrade
sudo apt installperl zip unzip libwww-perl liblwp-protocol-https-perlsendmail-bin

Step 2. Installing CSF Firewall on Ubuntu 22.04.

By default, the CSF Firewall is not available on Ubuntu 22.04 base repository. Now run the following command below to download the latest version of CSF to your Ubuntu system:

cd /usr/src
sudo wget http://download.configserver.com/csf.tgz

Next, extract your downloaded file:

sudo tar -xvzf csf.tgz

Now install CSF using the following command:

cd csf
sh install.sh

Verify if the required iptables modules are present:

sudo perl /usr/local/csf/bin/csftest.pl

Sample output:

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

Confirm the installation and check the installed build version of CSF Firewall:

csf -v

Step 3. Configure CSF Firewall.

Open the CSF configuration file with your favorite text editor, here we use nano text editor:

sudo nano /etc/csf/csf.conf

Find the line below and change its value to “0” as shown below:

TESTING = "0"

Save and close the file, then reload the CSF firewall with the following command:

csf -ra

Additional configuration to allow additional port connections:

sudo nano /etc/csf/csf.conf

Locate the TCP_IN directive and add your ports:

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995,3306"

Step 4. Essential Commands to Manage CSF.

You can start the CSF service on your server by:

csf -s

To stop the CSF service on Ubuntu 22.04, use the command below:

csf -f

And to restart the CSF, you can use the command below:

csf -ra

Step 4. Accessing the CSF Web Interface.

CSF provides a web-based interface to manage the firewall from a web browser. First, edit the CSF main configuration file with the following command:

nano /etc/csf/csf.conf

Add the following lines:

#Enable Web UI
UI = "1"

#Listening Port
UI_PORT = "8080"

#Admin username
UI_USER = "admin"

#Admin user password

UI_PASS = "your-strong-password"

#Listening Interface
UI_IP = ""

Save and close the file when you are finished. Then, you will need to edit the /etc/csf/ui/ui.allow file and add your server IP address and remote machine IP from where you want to access the CSF web UI.

nano /etc/csf/ui/ui.allow

Add your server IP and remote machine IP:

your-server-ip
remote-machine-ip

Save and close the file, then restart the CSF and LFD service to apply the changes:

csf -r
service lfd restart

Once successfully set up, open your web browser and type the URL http://your-IP-address:8080. You will be redirected to the phpMyAdmin login page:

Congratulations! You have successfully installed CSF. Thanks for using this tutorial for installing the CSF Firewall on Ubuntu 22.04 LTS Jammy Jellyfish system. For additional help or useful information, we recommend you check the official CSF website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!