UnixServerAdmin

Server Administration & Management

APF Error – Unable to load iptables module (ipt_state), aborting

# cd /etc/apf/

# apf -s

Unable to load iptables module (ipt_state), aborting.

Here is the fix. On kernels where the state and multiport matches are provided by the xt_state and xt_multiport modules, APF's module loader still asks for the old ipt_* names, so point it at the new ones:

# vim /etc/apf/internals/functions.apf

Replace the lines
==============
ml ipt_state 1
ml ipt_multiport 1
==============

With
==============
ml xt_state
ml xt_multiport
==============

Restart apf

# cd /etc/apf/

# apf -s


October 14, 2012 | Posted in Firewall

iptables.sh

#!/bin/bash
#########################################
# IP address block file #################
#########################################

iptables -F # Flush the filter table (use iptables -t nat -F for the nat table)

#########################################
# Block Incoming Connection #############
# iptables -A INPUT -s X.x.x.x -j DROP ##
#########################################

##########################################
# Block Outgoing Connection ##############
# iptables -A OUTPUT -d X.x.x.x -j DROP ##
##########################################

####################################################################################################
# Allow Incoming SSH only from a Specific Network ##################################################
# iptables -A INPUT -p tcp -s 10.10.10.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT ##
# iptables -A INPUT -p tcp -s 202.54.12.203 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT ##
####################################################################################################

#######################################################################################################
# Allow Multiple Ports from Outside world #############################################################
# iptables -A INPUT -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT ##
#######################################################################################################

February 20, 2012 | Posted in Firewall, Security, Shell Script

General Iptables Firewall Rules

1. Delete all existing rules
# iptables -F

2. Set default chain policies
# iptables -P INPUT DROP
# iptables -P FORWARD DROP
# iptables -P OUTPUT DROP
(Run this from the console, or add the loopback and ESTABLISHED rules first: with a DROP policy and no ACCEPT rules yet, a remote SSH session stops responding.)

3. Block a specific ip-address
BLOCK_THIS_IP="x.x.x.x"
# iptables -A INPUT -s "$BLOCK_THIS_IP" -j DROP

4. Allow ALL incoming SSH
# iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

5. Allow incoming SSH only from a specific network
# iptables -A INPUT -i eth0 -p tcp -s 192.168.200.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

6. Allow incoming HTTP
# iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

Allow incoming HTTPS
# iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

7. MultiPorts (Allow incoming SSH, HTTP, and HTTPS)
# iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 22,80,443 -m state --state ESTABLISHED -j ACCEPT

8. Allow outgoing SSH
# iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

9. Allow outgoing SSH only to a specific network
# iptables -A OUTPUT -o eth0 -p tcp -d 192.168.101.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

10. Allow outgoing HTTPS
# iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

11. Load balance incoming HTTPS traffic
DNAT is only valid in the nat table, so these rules need -t nat. The nth match is a patch-o-matic extension; mainline kernels provide the same round-robin with -m statistic --mode nth --every 3 --packet N.
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 0 -j DNAT --to-destination 192.168.1.101:443
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 1 -j DNAT --to-destination 192.168.1.102:443
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 2 -j DNAT --to-destination 192.168.1.103:443

12. Ping from inside to outside
# iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
# iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

13. Ping from outside to inside
# iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

14. Allow loopback access
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A OUTPUT -o lo -j ACCEPT

15. Allow packets from the internal network to reach the external network.
If eth1 is connected to the external network (internet) and eth0 to the internal network (192.168.1.x):
# iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

16. Allow outbound DNS
# iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
# iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT

17. Allow NIS Connections
Look up the ypbind ports first; on this host they are 853 and 850, but they are assigned dynamically and differ from host to host:
# rpcinfo -p | grep ypbind
# iptables -A INPUT -p tcp --dport 111 -j ACCEPT
# iptables -A INPUT -p udp --dport 111 -j ACCEPT
# iptables -A INPUT -p tcp --dport 853 -j ACCEPT
# iptables -A INPUT -p udp --dport 853 -j ACCEPT
# iptables -A INPUT -p tcp --dport 850 -j ACCEPT
# iptables -A INPUT -p udp --dport 850 -j ACCEPT

18. Allow rsync from a specific network
# iptables -A INPUT -i eth0 -p tcp -s 192.168.101.0/24 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp --sport 873 -m state --state ESTABLISHED -j ACCEPT

19. Allow MySQL connection only from a specific network
# iptables -A INPUT -i eth0 -p tcp -s 192.168.200.0/24 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT

20. Allow Sendmail or Postfix
# iptables -A INPUT -i eth0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT

21. Allow IMAP and IMAPS
# iptables -A INPUT -i eth0 -p tcp --dport 143 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp --sport 143 -m state --state ESTABLISHED -j ACCEPT

# iptables -A INPUT -i eth0 -p tcp --dport 993 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp --sport 993 -m state --state ESTABLISHED -j ACCEPT

22. Allow POP3 and POP3S
# iptables -A INPUT -i eth0 -p tcp --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp --sport 110 -m state --state ESTABLISHED -j ACCEPT

# iptables -A INPUT -i eth0 -p tcp --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp --sport 995 -m state --state ESTABLISHED -j ACCEPT

23. Prevent DoS attack
# iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
This only throttles anything if the packets over the limit are dropped afterwards, either by the INPUT DROP policy from step 2 or by an explicit DROP rule for port 80 placed after it.

24. Port forwarding 422 to 22
# iptables -t nat -A PREROUTING -p tcp -d 192.168.102.37 --dport 422 -j DNAT --to-destination 192.168.102.37:22
The filter table sees the packet after the DNAT, with port 22 in both directions, so the INPUT/OUTPUT rules have to match port 22 (as in step 4); filter rules for port 422 never match.
# iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

25. Log dropped packets
Append these last: anything not accepted by an earlier rule ends up here, is logged at a bounded rate and then dropped.
# iptables -N LOGGING
# iptables -A INPUT -j LOGGING
# iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
# iptables -A LOGGING -j DROP
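The rules above assembled into one ordered, stateful script, added here as an example and not part of the original post. It assumes eth0 as the public interface and 192.168.200.0/24 as the admin network (both overridable), replaces the per-service "--sport N ESTABLISHED" rules with a single ESTABLISHED,RELATED rule, and prints instead of applying when DRY_RUN=1 so the ruleset can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the original post): the listed rules as one ordered,
# default-deny ruleset. Assumed values: eth0 is the public interface and
# 192.168.200.0/24 is the admin network allowed to SSH in.
# DRY_RUN=1 prints the rules instead of applying them; APPLY=1 applies them.
IPTABLES="${IPTABLES:-iptables}"
WAN="${WAN:-eth0}"
ADMIN_NET="${ADMIN_NET:-192.168.200.0/24}"

ipt() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$IPTABLES" "$@"
  fi
}

apply_rules() {
  # Flush and start from a default-deny posture (steps 1 and 2)
  ipt -F
  ipt -t nat -F
  ipt -X LOGGING 2>/dev/null || true
  ipt -P INPUT DROP
  ipt -P FORWARD DROP
  ipt -P OUTPUT DROP

  # Loopback first (step 14): local resolvers, MySQL sockets etc. depend on it
  ipt -A INPUT -i lo -j ACCEPT
  ipt -A OUTPUT -o lo -j ACCEPT

  # One stateful catch-all replaces every per-service "--sport N ESTABLISHED"
  # rule in the list; INVALID packets are dropped before any ACCEPT
  ipt -A INPUT -m state --state INVALID -j DROP
  ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Inbound: SSH only from the admin network (step 5); web from anywhere but
  # rate-limited as in step 23, excess connections fall through to LOGGING
  ipt -A INPUT -i "$WAN" -p tcp -s "$ADMIN_NET" --dport 22 -m state --state NEW -j ACCEPT
  ipt -A INPUT -i "$WAN" -p tcp -m multiport --dports 80,443 -m state --state NEW \
      -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
  ipt -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT

  # Outbound NEW connections this host needs (steps 10, 12, 16, 20)
  ipt -A OUTPUT -o "$WAN" -p udp --dport 53 -m state --state NEW -j ACCEPT
  ipt -A OUTPUT -o "$WAN" -p tcp -m multiport --dports 25,80,443 -m state --state NEW -j ACCEPT
  ipt -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT

  # Everything else on INPUT: log at a bounded rate, then drop (step 25)
  ipt -N LOGGING
  ipt -A INPUT -j LOGGING
  ipt -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
  ipt -A LOGGING -j DROP
}

# Only apply when asked explicitly, so sourcing this file has no side effects
if [ "${APPLY:-0}" = 1 ]; then
  apply_rules
fi
```

Run it once with DRY_RUN=1 APPLY=1 from a console session and read the output top to bottom before applying for real.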

February 18, 2012 | Posted in Firewall, Security

Protected: SYN_Flood Attack Protection


February 6, 2012 | Posted in Firewall, Security, Shell Script, Tips & Tricks

Lockout issues for CSF when installed in a VPS, or: cannot log in to the server after installing CSF on a VPS

If the required iptables modules are not loaded for the container, you can lock yourself out after the installation. If you have access to the hardware node, perform the following steps there; otherwise ask your VPS provider to do it on the hardware (main) node.

Before enabling iptables in the VPS, make sure the iptables modules are enabled on the hardware node. Edit the following two files:

# /etc/vz/vz.conf
——————————–
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ip_conntrack_ftp ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp xt_state ipt_recent"
——————————–

# /etc/sysconfig/iptables-config
——————————–
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ip_conntrack_ftp ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp xt_state ipt_recent"
——————————–

The hardware node is now fine. Next, enable the iptables modules for the VPS (CID is the container ID; find it for each container with vzlist -a):

# vzctl stop CID

# vzctl set CID --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save

# vzctl set CID --numiptent 2000 --save

# vzctl start CID

Now try entering into your node and restart CSF. It should start working fine.
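An added check, not from the original post, to run before starting CSF: it reads the IPTABLES_MODULES line from a vz.conf-style file, reports which of the modules CSF needs are missing (a missing ipt_state is exactly what causes the lockout above), and emits the matching --iptables arguments for vzctl. REQUIRED is an assumed subset of the module list above and SAMPLE_CONF is a constructed excerpt.

```shell
#!/bin/sh
# Added example (not from the original post): compare the modules listed in
# IPTABLES_MODULES against what CSF needs, before the container is started.
# REQUIRED is an assumed minimal subset of the page's vz.conf module list.
REQUIRED="ipt_REJECT ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_state iptable_nat ipt_recent"

# Constructed vz.conf excerpt with ipt_state and ipt_recent deliberately left out
SAMPLE_CONF='## OpenVZ node configuration (constructed sample)
IPTABLES_MODULES="ipt_REJECT ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle iptable_nat"
'

# enabled_modules CONF_TEXT : print the modules named in IPTABLES_MODULES="...", one per line
enabled_modules() {
  printf '%s\n' "$1" | sed -n 's/^IPTABLES_MODULES="\([^"]*\)".*/\1/p' | tr ' ' '\n'
}

# missing_modules CONF_TEXT : print every REQUIRED module absent from the config
missing_modules() {
  enabled=" $(enabled_modules "$1" | tr '\n' ' ') "
  for m in $REQUIRED; do
    case "$enabled" in
      *" $m "*) ;;                 # present
      *) printf '%s\n' "$m" ;;     # missing: CSF will fail or lock you out
    esac
  done
}

# vzctl_args CONF_TEXT : the "--iptables NAME" arguments for vzctl set CID ... --save
vzctl_args() {
  enabled_modules "$1" | sed 's/^/--iptables /' | tr '\n' ' '
}

# Stand-alone run over the constructed sample
echo "Missing modules:"
missing_modules "$SAMPLE_CONF"
echo "vzctl arguments: $(vzctl_args "$SAMPLE_CONF")"
```

Against a real node, pass the file contents with missing_modules "$(cat /etc/vz/vz.conf)" and only start CSF when nothing is printed.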

October 29, 2011 | Posted in CSF, Firewall, Virtualization, Virtuozzo

How to make Virtuozzo Container be able to run ConfigServer Firewall(CSF)

CSF is a powerful firewall for Linux and cPanel servers; here are the steps to get it working in a Virtuozzo VPS.

1. Installation

# rm -rvf csf.tgz
# wget http://www.configserver.com/free/csf.tgz
# tar -xzf csf.tgz
# cd csf
# sh install.sh

2. After the installation you need to customize CSF to run in a VPS: edit /etc/sysconfig/iptables and add

# vi /etc/sysconfig/iptables
——————————————–
-A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
-A FORWARD -j ACCEPT -p all -s 0/0 -o venet0
-A INPUT -i venet0 -j ACCEPT
-A OUTPUT -o venet0 -j ACCEPT
——————————————–

3. Create file /etc/csf/csfpre.sh and enter all the extra rules directly into it prefixed with “iptables” so the contents of that file should look something like:

# vi /etc/csf/csfpre.sh
——————————————————
iptables -A INPUT -i venet0 -j ACCEPT
iptables -A OUTPUT -o venet0 -j ACCEPT
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -o venet0
——————————————————

4. Edit /etc/csf/csf.conf and search for ETH_DEVICE

# vi /etc/csf/csf.conf
——————————
ETH_DEVICE = ""
change to
ETH_DEVICE = "venet+"
——————————

5. Restart

# /usr/sbin/csf -r  "OR"

# /etc/init.d/csf restart


October 28, 2011 | Posted in CSF, Firewall, Virtualization, Virtuozzo

Securing SSH against Bruteforce attacks

With iptables we can protect an SSH server against brute-force attacks by rate-limiting new connections per source address with the recent match.

:- Create a new chain for trusted sources...

# iptables -N SSH_WHITELIST

:- On the INPUT chain, record the source of every new SSH connection in the recent list named SSH (the 'tag')

# iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH

:- Push new SSH connections through the SSH_WHITELIST chain

# iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST

:- Limit a source to 4 new connections per 60 seconds; to be stricter, use 300 seconds.
:- Log connections that go over this limit and drop the packets. (The ULOG target was removed in Linux 3.17; on current kernels use -j NFLOG --nflog-prefix SSH_brute_force with ulogd, or -j LOG --log-prefix "SSH_brute_force " to log through syslog.)

# iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j ULOG --ulog-prefix SSH_brute_force

# iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

:- In SSH_WHITELIST, check the source IP; if it matches a trusted host, remove its entry from the SSH list and accept the traffic.

# iptables -A SSH_WHITELIST -s 10.0.1.1 -m recent --remove --name SSH -j ACCEPT

# iptables -A SSH_WHITELIST -s 192.168.88.0/24 -m recent --remove --name SSH -j ACCEPT

# /etc/init.d/iptables save

# chkconfig iptables on
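An added example for triaging what those rules log, not part of the original post. It assumes the over-limit rule logs through the kernel LOG target with the prefix SSH_brute_force (so the lines land in syslog in the usual IN=/SRC=/DPT= format), counts hits per source and flags the sources that reached the --hitcount threshold; the log lines in SAMPLE_LOG are constructed and use documentation address ranges.

```shell
#!/bin/sh
# Added example (not from the original post): count logged SSH brute-force
# hits per source from kernel LOG lines carrying LOG_PREFIX. SAMPLE_LOG is
# constructed; the addresses are documentation ranges.
LOG_PREFIX="${LOG_PREFIX:-SSH_brute_force}"

SAMPLE_LOG='Sep  7 10:01:02 web1 kernel: SSH_brute_force IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=22 SYN
Sep  7 10:01:03 web1 kernel: SSH_brute_force IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51235 DPT=22 SYN
Sep  7 10:01:05 web1 kernel: IPTables Packet Dropped: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=3306 SYN
Sep  7 10:01:09 web1 kernel: SSH_brute_force IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51236 DPT=22 SYN
Sep  7 10:01:12 web1 kernel: SSH_brute_force IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=41000 DPT=22 SYN
Sep  7 10:02:00 web1 sshd[123]: Accepted publickey for ops from 192.168.88.4 port 5000 ssh2'

# hits_by_source : read log lines on stdin, print "SRC count" for every line
# that carries LOG_PREFIX and DPT=22, most hits first.
hits_by_source() {
  awk -v prefix="$LOG_PREFIX" '
    index($0, prefix) == 0 { next }
    {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (src != "" && dpt == "22") hits[src]++
    }
    END { for (s in hits) print s, hits[s] }
  ' | sort -k2,2nr -k1,1
}

# offenders THRESHOLD : sources that reached THRESHOLD logged hits, i.e. the
# ones the --hitcount rule is already dropping; review these before adding
# them to a longer-lived block list such as csf.deny.
offenders() {
  hits_by_source | awk -v t="$1" '$2 >= t { print $1 }'
}

# Stand-alone run over the constructed sample
printf '%s\n' "$SAMPLE_LOG" | hits_by_source
```

On a live host feed it the real log, for example grep SSH_brute_force /var/log/messages | hits_by_source.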

September 7, 2011 | Posted in Firewall, Security, SSH

How to install the LWP perl module (libwww-perl) for CSF Firewall

When installing CSF on a new Linux server, the installer may fail with the following error:

# ./install.sh

=====================================================================
Configuring for OS

Checking for perl modulesfailed
You need to install the LWP perl module (libwww-perl) and then install csf
=====================================================================

To fix the error, install the LWP perl module (libwww-perl):

# yum install perl-libwww-perl

"OR"

# cpan
cpan> h                     [obtaining help]
cpan> install Bundle::LWP   [installing LWP]

June 14, 2011 | Posted in CSF, Firewall

How to allow only specific countries with CSF

This assumes you already have CSF installed and set up properly. Open the configuration via WHM (WHM –> Plugins –> ConfigServer Security & Firewall –> Firewall Configuration) or over SSH with vi /etc/csf/csf.conf

# vi /etc/csf/csf.conf

What you are looking for is CC_ALLOW_FILTER

First, you will want to get a list of ISO country codes to allow.

For example, if you only wanted United States, Canada, Great Britain, Australia, and Mexico to be whitelisted, you would specify:

US,CA,GB,AU,MX

What this will do is download the lists of IP ranges belonging to those countries, add them to a whitelist, and deny everything else, that is, every other country's IP ranges. So India will not be able to connect to your server, Russia will not be able to connect, etc.

Once you have changed this in your configuration, don't forget to restart your firewall to apply the new configuration.

May 16, 2011 | Posted in CSF, Firewall

flush_csf.sh

#!/bin/bash
#################################################
# Script for IP Block Remove Due to CSF Firewall
#################################################
# flush_csf.sh
#################################################
##### CSF - Flush All Block IP #####
echo "Flush All Block IP.."
cd /etc/csf/ || exit 1
# Empty the permanent and temporary deny lists
rm -vf csf.deny
rm -vf csf.tempban
touch csf.deny
touch csf.tempban
# Reload csf afterwards (csf -r) so the running ruleset matches the emptied lists
exit 0
#################################################

May 3, 2011 | Posted in CSF, Firewall, Security, Shell Script

How to block a country using CSF

Log in to WHM and open the CSF configuration:

1. WHM
2. Plugins
3. ConfigServer Security & Firewall
4. Firewall Configuration

"OR"

1. Log in via SSH

# vi /etc/csf/csf.conf

What you are looking for is "CC_DENY"

First, you will want to get a list of ISO country codes to deny.

http://www.countryipblocks.net/country-blocks/ "OR"

http://www.ipdeny.com/ipblocks/ "OR"

http://www.iana.org/domains/root/db/

For example, if you wanted to block United States, Canada, China, Australia, and Mexico, you would specify:

US,CA,CN,AU,MX

What this will do is download the lists of IP ranges belonging to those countries and add them to a deny list, that is, deny those specific countries' IP ranges. So United States, Canada, China, etc. will not be able to connect.

Once you have changed this in your configuration, don't forget to restart your firewall to apply the new configuration.

May 1, 2011 | Posted in CSF, Firewall, Security

How to allow only specific countries with CSF

Log in to WHM and open the CSF configuration:

1. WHM
2. Plugins
3. ConfigServer Security & Firewall
4. Firewall Configuration

"OR"

1. Log in via SSH

# vi /etc/csf/csf.conf

What you are looking for is "CC_ALLOW_FILTER"

First, you will want to get a list of ISO country codes to allow.

http://www.countryipblocks.net/country-blocks/ "OR"

http://www.ipdeny.com/ipblocks/ "OR"

http://www.iana.org/domains/root/db/

For example, if you only wanted United States, Canada, Great Britain, Australia, and Mexico to be whitelisted, you would specify:

US,CA,GB,AU,MX

What this will do is download the lists of IP ranges belonging to those countries, add them to a whitelist, and deny everything else, that is, every other country's IP ranges. So India will not be able to connect to your server, Russia will not be able to connect, etc.

Once you have changed this in your configuration, don't forget to restart your firewall to apply the new configuration.

April 30, 2011 | Posted in CSF, Firewall, Security

Locked out by the brute force system in cPanel

Sometimes a user can't log in to WHM because cPHulk brute-force protection is blocking access to the WHM account. The user can't log in due to brute-force protection: "this account is currently locked out... wait 30 minutes and try again".

We can't wait for half an hour and still get the same message. Since we can't log in to WHM, we can't disable the brute-force protection.

Even worse, this brute-force system has locked us out from logging on to Linux. We had to log in via SSH from a different IP address, or use single-user mode and reset the root password with the passwd command.

But sometimes, trying to log in to WHM, we get locked out of the server if we restart the machine, and each time we have to reset the password or else we can't log in to the Linux server. All this after entering the wrong password for a cPanel account: it locked all the accounts on the server, including the root account.

Is this normal? How can the brute-force system be disabled from outside WHM?

If you can still SSH to the server, log in as root and type the following at the prompt:

# mysql

The prompt should change to mysql>

mysql> use cphulkd;

You will see... Database changed

mysql> BACKUP TABLE `brutes` TO '/path/to/backup/directory';

Back up first! (BACKUP TABLE was removed in MySQL 5.5; on newer servers take the backup with mysqldump cphulkd brutes instead.)

mysql> SELECT * FROM `brutes` WHERE `IP`='xxx.xxx.xxx.xxx';

Insert your IP instead of xxx.xxx.xxx.xxx. Is your IP there? If so,

mysql> DELETE FROM `brutes` WHERE `IP`='xxx.xxx.xxx.xxx';

That should remove your IP from the table, and you will see that in the mysql reply. Finally

mysql> quit

should return you to your usual prompt.

Now check: it works!

April 22, 2011 | Posted in cPanel, Firewall, MySQL, Security

How to remove APF Firewall

# service iptables stop

# chkconfig apf off

# /bin/rm -rfv /etc/apf

# /bin/rm -fv /etc/cron.daily/fw

# /bin/rm -fv /etc/init.d/apf

# iptables -L -n

April 8, 2011 | Posted in CSF, Firewall

How to install & configure CSF Firewall

Installation
============
Installation is quite straightforward:

Login as the root user to SSH and run the following commands.

# rm -vf csf.tgz
# wget http://www.configserver.com/free/csf.tgz
# tar -xzf csf.tgz
# cd csf
# sh install.sh

If you would like to disable APF+BFD (which you will need to do if you have them installed, otherwise they will conflict horribly):

# sh disable_apf_bfd.sh

That's it. You can then configure csf and lfd in WHM, or edit the files directly in /etc/csf/*

Installation Completed

Don’t forget to:

1. Configure the TCP_IN, TCP_OUT, UDP_IN and UDP_OUT options in the csf configuration to suit your server

2. Restart csf and lfd

3. Set TESTING to 0 once you’re happy with the firewall

csf is preconfigured to work on a cPanel server with all the standard cPanel ports open. It also auto-configures your SSH port if it’s non-standard on installation.

You should ensure that kernel logging daemon (klogd) is enabled. Typically, VPS servers have this disabled and you should check /etc/init.d/syslog and make sure that any klogd lines are not commented out. If you change the file, remember to restart syslog.

Now – login to your cPanel server’s WHM as root and go to the bottom left menu. If already logged in then reload the page. In Plugins – you will see:  ConfigServer Security&Firewall

The firewall is STOPPED by default – it is not running. We need to configure it, and then take it out of Test Mode.

Click on Firewall Configuration

ETH_DEVICE = : Set this to eth+

TCP_IN/TCP_OUT/UDP_IN/UDP_OUT = : These are the ports you want to leave open for your server to operate. If you change the default SSH port, make sure to add it here. Also add any other services you might have running, such as Shoutcast or game servers. By default most of the ports used should already be configured.

MONOLITHIC_KERNEL = 0 : Only change this to 1 if your firewall will not start – otherwise leave it as is.

LF_DSHIELD = 0 : Change this option to 86400. This enables an automatically updated list of known attacking IPs, refreshed at that interval (in seconds); enabling it will stop them from being able to connect to your server.

Spam Protection Alerts
If you want to add some spam protection, CSF can help. Look in the configuration for the following:

LF_SCRIPT_ALERT = 0 : change this to 1. This will send an email alert to the system administrator when the limit configured below is reached within an hour.

LF_SCRIPT_LIMIT = 100 : change this to 250. This will alert you when any script sends out 250 email messages in an hour.

Configuration Complete – Almost. Scroll down to the bottom and click on Change to save the settings. Then click Restart csf+lfd.

You should see a big page of ACCEPT and near the bottom you should see:

csf: TESTING mode is enabled – don’t forget to disable it in the configuration Starting lfd:[  OK  ]

Click on Return

Now TEST all your services to make sure everything is working – SSH, FTP, http. After you do a few quick tests go back into the Firewall Configuration page.

TESTING = 1 change this to 0 and click Change at the bottom. Then Restart csf+lfd

That's it, the firewall is successfully installed and running!
Firewall Status: Running – you should see this on the main CSF page in WHM.

Uninstallation
==============
Removing csf and lfd is even simpler:

#cd /etc/csf
#sh uninstall.sh

January 3, 2011 | Posted in cPanel, CSF, Firewall