Control WebPanel Wiki » csf configuration http://wiki.centos-webpanel.com CentOS WebPanel Wiki Wed, 12 Feb 2025 20:38:16 +0000 en-US hourly 1 http://wordpress.org/?v=4.1.1 CSF/LFD Firewall configuration http://wiki.centos-webpanel.com/csflfd-firewall-configuration http://wiki.centos-webpanel.com/csflfd-firewall-configuration#comments Sun, 22 Nov 2015 09:08:50 +0000 http://wiki.centos-webpanel.com/?p=416 Security --> CSF Firewall Here you can whitelist, block or unblock IPs. For additional configuration you can click on Firewall Configuration button and there you can check or edit CSF firewall configuration. ** Don't forget to […]]]> With CWP you can simply configure CSF/LFD firewall by using CSF Firewall module.
In CWP.admin go to: Left-Menu --> Security --> CSF Firewall

Here you can whitelist, block or unblock IPs.
For additional configuration you can click on Firewall Configuration button and there you can check or edit CSF firewall configuration.

** Don't forget to restart the firewall after you have made configuration changes!

CSF Firewall Open Ports
Open ports are listed as TCP_IN, TCP_OUT, UDP_IN and UDP_OUT
If you need to open a range of ports, for example from 30000 to 50000, you can do that simply by setting: 30000:50000.

Example configuration

# Allow incoming TCP ports
TCP_IN = "20,21,29950,25,53,80,110,143,443,465,587,993,995,2030,2031,30000:50000"

# Allow outgoing TCP ports
TCP_OUT = "20,21,29950,25,53,80,110,113,443,2030,2031,30000:50000,993,995"

# Allow incoming UDP ports
UDP_IN = "20,21,53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list 
UDP_OUT = "20,21,53,113,123"

# Allow incoming PING
ICMP_IN = "1"

Video instructions

How to stop LFD process alerts/notifications
Example alert: Excessive resource usage

Executable:   /usr/local/bin/php-cgi
Command Line: /usr/local/bin/php-cgi /home/USERNAME/public_html/index.php
PID:          23323 (Parent PID:22635)
Killed:       No

you can simply white list them in your firewall by adding in the file: /etc/csf/csf.pignore

exe:/usr/local/bin/php-cgi

and then restart lfd: "service lfd restart"

Recommended CSF/LFD Configuration for CWP
Configuration file: /etc/csf/csf.conf

LF_SSHD = "7"
LF_SSHD_PERM = "1"

LF_FTPD = "7"
LF_FTPD_PERM = "1"

LF_POP3D = "7"
LF_POP3D_PERM = "1"

LF_IMAPD = "7"
LF_IMAPD_PERM = "1"

LF_SMTPAUTH = "7"
LF_SMTPAUTH_PERM = "1"

LF_HTACCESS = "7"
LF_HTACCESS_PERM = "1"

LF_MODSEC = "7"
LF_MODSEC_PERM = "1"

log paths : 

HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"
SSHD_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/messages"
POP3D_LOG = "/var/log/dovecot-info.log"
IMAPD_LOG = "/var/log/dovecot-info.log"
SMTPAUTH_LOG = "/var/log/maillog"

Custom regex for mod security, file /etc/csf/regex.custom.pm :

#mod_security
if (($config{LF_MODSEC}) and ($globlogs{MODSEC_LOG}{$lgfile}) and ($line =~ /^\[\S+ \S+ \S+ \S+ \S+\] \[(\w*)?:error\] (\[pid \d+(:tid \d+)\]) \[client \S+:\S+\] \[client (\S+)\] ModSecurity:(( \[[^\]]+\])*)? Access denied/)) {
        my $ip = $4;
        $ip =~ s/^::ffff://;
        if (split(/:/,$ip) == 2) {$ip =~ s/:\d+$//}
        my $ruleid = "unknown";
        if ($line =~ /\[id "(\d+)"\]/) {$ruleid = $1}
        if (checkip(\$ip)) {return ("mod_security (id:$ruleid) triggered by","$ip","mod_security-custom","4","80,443","1")} else {return}
}
]]> http://wiki.centos-webpanel.com/csflfd-firewall-configuration/feed 0