This shows you the differences between two versions of the page.
networking:firewall:csf [2022/06/13 12:02] gcooper |
networking:firewall:csf [2023/03/10 10:48] gcooper |
||
---|---|---|---|
Line 27: | Line 27: | ||
===== Prerequisites ===== | ===== Prerequisites ===== | ||
- | These commands also install **Webmin**, which enables a web GUI for CSF management. | + | These commands also install **Webmin**, which enables a web GUI for CSF and host management. |
==== Ubuntu ==== | ==== Ubuntu ==== | ||
Line 45: | Line 45: | ||
wget -q http:// | wget -q http:// | ||
add-apt-repository universe && apt update | add-apt-repository universe && apt update | ||
- | apt install webmin | + | |
+ | apt install webmin unzip ipset libwww-perl liblist-compare-perl \ | ||
liblwp-protocol-https-perl libio-socket-ssl-perl libcrypt-ssleay-perl \ | liblwp-protocol-https-perl libio-socket-ssl-perl libcrypt-ssleay-perl \ | ||
libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl libgd-graph-perl | libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl libgd-graph-perl | ||
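Review bot: the added "apt install webmin unzip ipset libwww-perl liblist-compare-perl \" line now installs CSF's dependencies as well as Webmin, but the Prerequisites sentence edited in this same revision still describes the commands only as installing Webmin. Add a sentence saying which of these packages CSF itself needs (ipset is what the LF_IPSET setting in the table further down relies on), so a reader who does not want Webmin knows what to keep. Separately, the unchanged "wget -q http://" line fetches over plain HTTP; the rest of the URL is cut off in this view, but if it retrieves the repository signing key, an https:// URL would be the safer thing to document.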
Line 54: | Line 55: | ||
==== Prep Default Firewall ==== | ==== Prep Default Firewall ==== | ||
- | You may want to open a few holes in the default firewall just in case it ever gets turned back on. | + | You may optionally |
=== Ubuntu === | === Ubuntu === | ||
Line 61: | Line 62: | ||
systemctl status ufw.service | systemctl status ufw.service | ||
ufw status verbose | ufw status verbose | ||
- | ufw allow 10000/tcp #Webmin | + | ufw allow from < |
</ | </ | ||
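Review bot: on the new "ufw allow from <" line, confirm the rule still carries the port and protocol restriction that the old "ufw allow 10000/tcp #Webmin" had. The remainder of the line is not visible in this view, and a ufw rule of the form "allow from ADDRESS" with no "to any port 10000 proto tcp" admits that source on every port, not just Webmin. It would also help to state next to the command that the placeholder must be replaced with the administrator's own address or subnet.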
Line 70: | Line 71: | ||
http:// | http:// | ||
- | :!: Upon installation, | + | :!: To ease installation, |
- | :!: Upon installation, | + | :!: Upon installation, |
:!: Upon installation, | :!: Upon installation, | ||
Line 199: | Line 200: | ||
|Testing | |Testing | ||
|IPV6 | |IPV6 | ||
- | |TCP_IN | + | |TCP_IN |
- | |TCP_OUT | + | |TCP_OUT |
|UDP_IN | |UDP_IN | ||
|UDP_OUT | |UDP_OUT | ||
- | |TCP6_IN | + | |TCP6_IN |
- | |TCP6_OUT | + | |TCP6_OUT |
|UDP6_IN | |UDP6_IN | ||
|UDP6_OUT | |UDP6_OUT | ||
Line 213: | Line 214: | ||
|LF_IPSET | |LF_IPSET | ||
|SYNFLOOD | |SYNFLOOD | ||
- | |CONNLIMIT | + | |CONNLIMIT |
- | |PORTFLOOD | + | |PORTFLOOD |
|DROP_OUT_LOGGING | |DROP_OUT_LOGGING | ||
|CONNLIMIT_LOGGING | |CONNLIMIT_LOGGING | ||
Line 278: | Line 279: | ||
< | < | ||
tcp|out|d=587|d=1.2.3.4 | tcp|out|d=587|d=1.2.3.4 | ||
+ | </ | ||
+ | |||
+ | To allow Webmin access: | ||
+ | |||
+ | < | ||
+ | # Webmin Access | ||
+ | tcp|in|d=10000|s=1.2.3.4 | ||
</ | </ | ||
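Review bot: the added "tcp|in|d=10000|s=1.2.3.4" rule restricts Webmin to that source only if port 10000 is not also listed in TCP_IN and TCP6_IN, because ports listed there are open to every source. Those rows change in this revision at line 200, but their values are not visible here, so say explicitly beside the rule that 10000 must be left out of them. The new text should also name the file the rule goes in, and 1.2.3.4 is a routable address; a placeholder or a documentation address such as 192.0.2.10 would be less likely to be pasted unchanged.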
Line 511: | Line 519: | ||
====== LFD - Login Failure Daemon ====== | ====== LFD - Login Failure Daemon ====== | ||
+ | |||
+ | **Custom RegEx**: https:// | ||
LFD does more than just monitor log files for login failures. | LFD does more than just monitor log files for login failures. | ||
Line 534: | Line 544: | ||
**Virtualmin SMTP**: https:// | **Virtualmin SMTP**: https:// | ||
- | :!: The Postfix MTA is not directly supported by LFD. You must use custom settings. | + | :!: The Postfix MTA is not directly supported by LFD. You must use custom settings. |
==== CentOS ==== | ==== CentOS ==== |