Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [csf]

ConfigServer Security & Firewall

A Packet Inspection (SPI) firewall and Login/Intrusion Detection application for Linux servers. Combines firewall with log monitoring tools for general Linux security protection. Web interface works from cpanel or webmin.

http://configserver.com/cp/csf.html

121 questions
7
votes
1 answer

PPTP VPN iptables firewall issues csf

I am having a problem with iptables and a PPTP VPN, I have read related topics both on hear and online but still can't get it to work! I am trying to set up PPTP on an ubuntu server on our local network, to force clients to have to log in through…
Pez Cuckow
  • 525
  • 3
  • 8
  • 22
5
votes
1 answer

IP addresses denied in /etc/hosts.allow appear in /etc/csf/csf.deny?

I modify my /etc/hosts.allow file as sshd : 192.168.0.0/255.255.255.0 : allow sshd : xxx.xxx.xxx.* : allow sshd : ALL : deny (where the xxx represent my actual IP address numbers and the wildcard * represents the full range 0-255) then restart sshd…
user46688
  • 176
  • 1
  • 12
5
votes
1 answer

DHCP request error. Send_packet not permitted, How to debug, What does it mean

I recently installed CSF firewall and have made live a new server which is accepting around 600req/second. Its basically a reverse proxy and I found in pingdom and munin that for a particular time, the response times of the server increased by 3…
Sparsh Gupta
  • 1,117
  • 7
  • 20
  • 31
5
votes
1 answer

Running docker containers only local behind csf firewall

I want to access docker containers only locally behind the csf firewall on a remote Ubuntu server. I changed the DOCKER settings options in /etc/csf/csf.conf to 1 to allow docker to change iptable rules. If I am starting my container with -p…
mhellmeier
  • 151
  • 4
4
votes
1 answer

How to white-list specific PHP script process in CSF?

I repeatedly receive a "Suspicious Process" notice from lfd. I'm 100% positive that the PHP script triggering this warning is safe. I wrote it myself and it makes some cross server calls that must look suspicious to csf. Now I know how to whitelist…
Luke Franklin
  • 151
  • 1
  • 5
4
votes
1 answer

csf dovecot and IP blocking

I'm using csf and noticed a lot of brute force password attempts into a particular pop3 account. csf does not appear to be blocking the IP addresses as it does with other processes. Is there a switch or config option that someone can point me to…
jim
  • 41
  • 3
3
votes
1 answer

How to block all IPs in CSF except few static IPs?

The title is telling I guess. I'm wondering how to block ALL IPs in csf.deny except few trusted IPs? I've googled but could not find the answer.
Jand
  • 213
  • 1
  • 4
  • 7
3
votes
1 answer

CSF blocks my IP trying to access Webmin

I'm in no way a sysadmin, so bear with me a little. I have a cloud server running Centos 5. I have Virtualmin/Webmin with a handful of sites running without issue. I also have CSF installed to stop persistent bot attacks. I can access all my sites…
Dan J
  • 135
  • 2
  • 6
3
votes
2 answers

How to make permanent changes to iptables of CentOS 5.5

I want to make an iptable rule permanent so if the server is rebooted I won't have to add the rule again. Specifically a rule I have related to nginx being reverse proxy of apache. iptables -t nat -A PREROUTING -p tcp -s ! 266.266.266.266 --dport 80…
diav
  • 33
  • 1
  • 3
2
votes
1 answer

Is it possible to open a CSF-LFD closed port without attaching an IP to it?

CSF-LFD blocks nearly all open ports. It also blocks port 10000 which I need. I can open the port via a similar code: cat << EOF >> /etc/csf/csf.conf tcp|in|d=10000|s=aa.bb.cc.dd EOF service csf restart For newcomers who read this, note I picked…
user329119
2
votes
2 answers

csf Integrated User Interface not working

I've installed CSF on ubuntu 14.04 using their official install guide. After disabling UFW with the following command: sudo ufw disable then I have modified csf.conf with the following values: (comments removed to make question…
Bor691
  • 213
  • 4
  • 14
2
votes
2 answers

CSF/LFD - Suspicious processes when running nginx+php5-fpm+ Mysql

I am running LFD/CSF on three servers and on all servers I have the same problem since the first day when I set-up the server and installed LFD/CSF. I have nginx + php5-fpm + MySQL installed and lfd.log file is full of warnings: Jan 3 00:21:57…
user1821484
  • 1,119
  • 2
  • 13
  • 18
2
votes
1 answer

MySQL port 3306 blocked in csf yet can still telnet to port 3306 from external host

We have a Centos 6 VPS that was recently migrated to a new machine within the same web hosting company. It's running WHM/cPanel and has csf/lfd installed. csf is set up with mostly vanilla config. I'm no iptables expert, csf has not let me down…
Neek
  • 133
  • 1
  • 5
2
votes
1 answer

Best way for automated ban / throttle of aggressive clients on a Linux / Apache webserver for a period of time?

I notice occasional spikes on my server load and when I check access logs I notice a pattern for some automated forum poster that tries to repeatedly access a comment/reply URL. What would be the best way to throttle /ban these for a few minutes /…
giorgio79
  • 1,747
  • 9
  • 25
  • 36
2
votes
1 answer

What is the purpose of filtering egressing traffic (CSF)?

For a while now I am using CSF as main firewall with LFD, and OSSEC as main IDS. (I like OSSEC over the overreacting builtin IDS of CSF). I tested it for small DoS attacks such a slowloris variants and synfloods. Works fine. Apache is running with…
BTZ
  • 23
  • 4
1
2 3
8 9