This shows you the differences between two versions of the page.
networking:firewall:csf [2022/06/13 12:01] gcooper |
networking:firewall:csf [2023/03/10 10:48] (current) gcooper |
Line 27: | Line 27: | ||
===== Prerequisites ===== | ===== Prerequisites ===== | ||
- | These commands also install **Webmin**, which enables a web GUI for CSF management. | + | These commands also install **Webmin**, which enables a web GUI for CSF and host management. |
==== Ubuntu ==== | ==== Ubuntu ==== | ||
Line 45: | Line 45: | ||
wget -q http:// | wget -q http:// | ||
add-apt-repository universe && apt update | add-apt-repository universe && apt update | ||
- | apt install webmin | + | |
+ | apt install webmin unzip ipset libwww-perl liblist-compare-perl \ | ||
liblwp-protocol-https-perl libio-socket-ssl-perl libcrypt-ssleay-perl \ | liblwp-protocol-https-perl libio-socket-ssl-perl libcrypt-ssleay-perl \ | ||
libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl libgd-graph-perl | libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl libgd-graph-perl | ||
- | </ | ||
- | |||
- | ==== CentOS 7 ==== | ||
- | |||
- | < | ||
- | echo -e " | ||
- | rpm --import http:// | ||
- | yum install webmin ipset net-tools perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN perl-LWP-Protocol-https perl-IO-Socket-INET6 perl-Socket6 | ||
</ | </ | ||
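Review bot: deleting the whole CentOS 7 prerequisites block (the `echo -e`, `rpm --import` and `yum install webmin ipset ...` lines) while the page still carries a `==== CentOS ====` section further down (the Line 549 / Line 544 hunk) leaves CentOS readers with no matching install steps; either remove that later section in the same revision or state explicitly that CentOS is no longer covered. The expanded `apt install` line is a good change, since `ipset` is required for the `LF_IPSET` option that appears in the later table hunk and the Perl modules are what CSF and LFD need, but the retained `wget -q http://` fetch (and the removed `rpm --import http://`) pull repository key material over plain HTTP; the Ubuntu line should reference an `https://` URL so the key cannot be altered in transit.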
Line 62: | Line 55: | ||
==== Prep Default Firewall ==== | ==== Prep Default Firewall ==== | ||
- | You may want to open a few holes in the default firewall just in case it ever gets turned back on. | + | You may optionally |
=== Ubuntu === | === Ubuntu === | ||
Line 69: | Line 62: | ||
systemctl status ufw.service | systemctl status ufw.service | ||
ufw status verbose | ufw status verbose | ||
- | ufw allow 10000/ | + | ufw allow from <your_management_ip_cidr> proto tcp to any port 10000 #Webmin |
- | </file> | + | |
- | + | ||
- | === CentOS === | + | |
- | + | ||
- | < | + | |
- | systemctl status firewalld.service | + | |
- | firewall-cmd --permanent --add-port=10000/tcp | + | |
</ | </ | ||
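Review bot: restricting the rule to `ufw allow from <your_management_ip_cidr> proto tcp to any port 10000 #Webmin` is the right fix, as the old `ufw allow 10000/` line exposed the Webmin port to any source, but the CentOS equivalent is deleted rather than tightened; if CentOS is kept on the page, give it the same treatment with a firewalld rule that limits the source address instead of the old `--add-port=10000/tcp`. The removed sentence "just in case it ever gets turned back on" explained why these rules exist at all (CSF replaces ufw, so they only matter if ufw is re-enabled); the replacement "You may optionally" should keep that reasoning, and the text should say the `<your_management_ip_cidr>` placeholder must be replaced before the command is run.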
Line 85: | Line 71: | ||
http:// | http:// | ||
- | :!: Upon installation, | + | :!: To ease installation, |
- | :!: Upon installation, | + | :!: Upon installation, |
:!: Upon installation, | :!: Upon installation, | ||
Line 214: | Line 200: | ||
|Testing | |Testing | ||
|IPV6 | |IPV6 | ||
- | |TCP_IN | + | |TCP_IN |
- | |TCP_OUT | + | |TCP_OUT |
|UDP_IN | |UDP_IN | ||
|UDP_OUT | |UDP_OUT | ||
- | |TCP6_IN | + | |TCP6_IN |
- | |TCP6_OUT | + | |TCP6_OUT |
|UDP6_IN | |UDP6_IN | ||
|UDP6_OUT | |UDP6_OUT | ||
Line 228: | Line 214: | ||
|LF_IPSET | |LF_IPSET | ||
|SYNFLOOD | |SYNFLOOD | ||
- | |CONNLIMIT | + | |CONNLIMIT |
- | |PORTFLOOD | + | |PORTFLOOD |
|DROP_OUT_LOGGING | |DROP_OUT_LOGGING | ||
|CONNLIMIT_LOGGING | |CONNLIMIT_LOGGING | ||
Line 293: | Line 279: | ||
< | < | ||
tcp|out|d=587|d=1.2.3.4 | tcp|out|d=587|d=1.2.3.4 | ||
+ | </ | ||
+ | |||
+ | To allow Webmin access: | ||
+ | |||
+ | < | ||
+ | # Webmin Access | ||
+ | tcp|in|d=10000|s=1.2.3.4 | ||
</ | </ | ||
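Review bot: the new csf.allow entry `tcp|in|d=10000|s=1.2.3.4` hard-codes a sample address where the ufw section of this same revision uses the `<your_management_ip_cidr>` placeholder; use the same placeholder here so readers do not copy `1.2.3.4` literally. The `s=` source qualifier is what keeps Webmin off the public side, so the note above the block should also tell readers to keep 10000 out of `TCP_IN` (edited in the Line 214 / Line 200 hunk), because a `TCP_IN` entry opens the port to every source and makes the csf.allow restriction moot.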
Line 526: | Line 519: | ||
====== LFD - Login Failure Daemon ====== | ====== LFD - Login Failure Daemon ====== | ||
+ | |||
+ | **Custom RegEx**: https:// | ||
LFD does more than just monitor log files for login failures. | LFD does more than just monitor log files for login failures. | ||
Line 549: | Line 544: | ||
**Virtualmin SMTP**: https:// | **Virtualmin SMTP**: https:// | ||
- | :!: The Postfix MTA is not directly supported by LFD. You must use custom settings. | + | :!: The Postfix MTA is not directly supported by LFD. You must use custom settings. |
==== CentOS ==== | ==== CentOS ==== |