Learn how to set up CSF on Virtualizor. Our Virtualizor Support team is here to help you with your questions and concerns.
How to Set Up CSF on Virtualizor
CSF is short for ConfigServer Firewall. It is a firewall configuration script that boosts the security of the server.
It offers a user-friendly interface for managing firewall settings. Also, it lets us lock down public access to services and permit only specific connections.
CSF is popular for its ease of use and advanced security features.
To simplify security management, CSF can be integrated into Virtualizor. However, to use CSF with Virtualizor, we need a Professional License.
Once we have the license, we can easily access CSF through the Admin panel by going to Firewall > ConfigServer (CSF).
How to Set up CSF
- To begin with, run these commands to install CSF:
cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
- Then, configure CSF by editing the configuration files. We have to edit `csf.allow` to add our static IP or VPN IP:
sudo nano /etc/csf/csf.allow
Also, edit the main configuration file:
sudo nano /etc/csf/csf.conf
Some of the key settings to change include:
- Set `TESTING = "1"` to `TESTING = "0"` to activate the firewall.
- Change `TCP_IN` to include only the ports we need, like:
TCP_IN = "4083,4085"
- Then, save the changes and exit.
- Now, add the following line to `csfpost.sh` to make sure CSF works with Virtualizor:
sudo nano /etc/csf/csfpost.sh
/sbin/iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
For IPv6, add:
/sbin/ip6tables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
- Then, reload CSF:
sudo csf -r
Furthermore, we have to configure the forwarding rule for `iptables` in `csfpost.sh` when setting up CSF on a node.
- First, create or edit `csfpost.sh`:
sudo nano /etc/csf/csfpost.sh
- Then, add these lines to the file:
#!/bin/bash
/sbin/iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
service libvirtd restart
- Next, save the changes and restart CSF:
sudo csf -r
Troubleshooting VM Network Issues with CSF
If the VM network goes down after enabling CSF, CSF may be blocking the network, which happens on some operating systems that use `nftables`. We can fix this with these steps:
- To begin with, open the `csfpost.sh` file:
vi /etc/csf/csfpost.sh
- Then, add these lines to `csfpost.sh`:
#!/bin/bash
iptables -P FORWARD ACCEPT
- Now, save and exit the file. Then, restart CSF from the admin panel.
After these steps, the VM network should function correctly.
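As an added example (not part of the original guide or of CSF itself), the script below audits the settings changed in the steps above: `TESTING`, the `TCP_IN` port list, and the bridged FORWARD rule in `csfpost.sh`. The function names and the sample files are constructed for illustration; on a server, pass `/etc/csf/csf.conf` and `/etc/csf/csfpost.sh` instead.

```sh
#!/bin/sh
# Added example: audit the CSF settings this guide changes (POSIX sh).

# Print the value of KEY from a csf.conf-style line: KEY = "value"
csf_get() {  # usage: csf_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Fail if TCP_IN is missing/empty or has an entry outside the allow-list.
tcp_in_within() {  # usage: tcp_in_within FILE "4083,4085"
    tiw_ports=$(csf_get "$1" TCP_IN)
    [ -n "$tiw_ports" ] || { echo "TCP_IN is empty or not set"; return 1; }
    tiw_rc=0
    for tiw_p in $(printf '%s' "$tiw_ports" | tr ',' ' '); do
        case ",$2," in
            *",$tiw_p,"*) ;;
            *) echo "unexpected port in TCP_IN: $tiw_p"; tiw_rc=1 ;;
        esac
    done
    return $tiw_rc
}

# Run all checks; return 0 only when the guide's settings are in place.
audit_csf() {  # usage: audit_csf CSF_CONF CSFPOST_SH ALLOWED_PORTS
    ac_rc=0
    [ "$(csf_get "$1" TESTING)" = "0" ] || { echo 'TESTING is not "0"'; ac_rc=1; }
    tcp_in_within "$1" "$3" || ac_rc=1
    grep -Eq '^[^#]*iptables .*FORWARD.*--physdev-is-bridged.*-j ACCEPT' "$2" ||
        { echo "bridged FORWARD rule missing from csfpost.sh"; ac_rc=1; }
    # Informational only: with a default-ACCEPT policy, forwarded packets that
    # match no rule are accepted, not only the bridged VM traffic.
    grep -Eq '^[^#]*iptables -P FORWARD ACCEPT' "$2" &&
        echo "note: csfpost.sh sets the FORWARD policy to ACCEPT"
    return $ac_rc
}

# Constructed sample files (not taken from a real server).
demo_dir=$(mktemp -d)
printf '%s\n' 'TESTING = "0"' 'TESTING_INTERVAL = "5"' 'TCP_IN = "4083,4085"' \
    > "$demo_dir/csf.conf"
printf '%s\n' '#!/bin/bash' \
    '/sbin/iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT' \
    > "$demo_dir/csfpost.sh"
audit_csf "$demo_dir/csf.conf" "$demo_dir/csfpost.sh" "4083,4085" && echo "audit passed"
```

A non-zero return from `audit_csf` means at least one setting differs from what the steps above configure; the `note:` line is informational and does not change the result.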
Furthermore, we need to replace the built-in firewall on the server in order to use CSF effectively. Here’s how to do it on CentOS:
sudo yum install unzip perl-libwww-perl bind-utils wget nano
Conclusion
In brief, our Support Experts demonstrated how to set up CSF on Virtualizor.