Csf firewall to effectively prevent the use of small-scale DDOS

Update:upgrade Ubuntu 20.04 LTS Rear,csf is not working,Prompt that iptables cannot be found:

This is because Ubuntu 20.04 LTS Changed iptables Related command position,The csf script is not updated in time。

To solve this problem,We can go to /etc/csf/csf.conf Profiles,Near the end of this file,Have a # Binary locations Related settings,Here we can see that the first 6 configuration addresses are still old:

Change to new address:

Such, csf -r You can generate the configuration normally,but,weakness is perl /usr/local/csf/bin/csftest.pl Will still report an error,But now csf itself has been successfully started。


Before I wrote an article,After purchasing a VPS you should spare security measures,This side describes how to install csf Firewall,In fact, just a few simple commands,but,At that time, my ignorance,In fact lead to csf firewall does not really take effect,The reason is csf and ufw are the same as iptables script,They are in the same level,We are conflicting。

so,In the configuration csf Firewall,You should execute the command ufw disable To close ufw

then,We installed a firewall csf:

After the installation is complete,Install environmental needs:

After ok,Execute commands to check the status of the firewall: perl /usr/local/csf/bin/csftest.pl ,If the output is as follows,Then the implementation of the firewall should be no problem:

Csf test is working properly

First of all we have to do the most basic configuration,To configure the release port of csf,I must remember not to 22 Port to cut off,Otherwise, you good-bye。

Of course,Once installed csf,The default is to release common port,so,We do not just get rid of。Other than that,csf default working in test mode,So if you really put himself out of the,It's ok,Five minutes later emptied rules。

Let's edit we /etc/csf/csf.conf

by default,Following the release of the port:

Here I am according to my needs,Made to streamline:

Of course,My server also supports IPv6,It is necessary to continue to turn down,Find the IPv6 configuration,do it again:

Then add defense rules,Prevent a small amount of daily ddos,Of course,Then had to rely on a large amount of hardware, right?

Find the field PORTFLOOD ,Make the following rules:

Here are the rules say each port 22,80,443Do strategy (IP-units):

  • in case 22 In an IP port 300 Initiated within seconds 5 Or more links,To ban;
  • in case 80 or 443 In an IP port 5 Initiated within seconds 20 Or more links,To ban。

ban time default 1800 second。

then,csf there is a function of email to inform you that after the ban of the IP,We make changes to the following fields,Add your own e-mail address:

Since lfd also sends suspicious process monitoring,If you feel tired,The process can advance your whitelist,edit /etc/csf/csf.security ,Following the end of the supplement format on it,For example, I run a server nginx,php,I know it's not suspicious process,Then write:

Such,We configured the firewall,Save the configuration after wave can try restarting:

Remember to view the configuration is correct with a sense command: perl /usr/local/csf/bin/csftest.pl

Then use the command csf -r To restart the firewall,If no fatal problem,It means that the firewall work。As for the phrase:

Let him disabled .。

Another problem you might encounter,That prompted you to start but crashed lfd,this is normal,In test mode, lfd does not start。

re-edit /etc/csf/csf.conf Profiles,In the first line,The 1 To 0:

After saving the restart firewall csf -r This time the firewall is up and running。

Use the command to start csf and lfd incidental:

By looking at /where/log/Ser.log You can see all the acts csf firewall,For example, a ban which IP like。

If you want to add a whitelist,Then edit /etc/csf/csf.allow ,ip address one per line;

If you want to manually add blacklist,Then edit /etc/csf/csf.deny ,Is a line,but,This side will have regular data automatically added;

Other than that,You can also add the ignore list,IP address list will not be judge rules,But if there is in the blacklist,It will be blocked: /etc/csf/csf.ignore

Such,Your server should be a more robust :)

additional

Another point,If you are annoying email notifications,You can search for all in csf.conf _EMAIL_ALERT Ending field,Change the value from "1" To "0" ,There are several,Remember to use search。

 

References

CSF installation and configuration of the firewall on Ubuntu

How To Install and Configure Config Server Firewall (CSF) on Ubuntu

linux csf firewall to prevent a small number of very effective attack ddos ​​cc

How to disable send an email: lfd on server: Suspicious process running under user

CSF not sending emails.

Original article written by LogStudio:R0uter's Blog » Csf firewall to effectively prevent the use of small-scale DDOS

Reproduced Please keep the source and description link:https://www.logcg.com/archives/2873.html

About the Author

R0uter

The non-declaration,I have written articles are original,Reproduced, please indicate the link on this page and my name。

Comments

  1. lfd.service – ConfigServer Firewall & Security – Ser
    Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: enabled)
    Active: active (running) since Fri 2018-02-02 22:15:11 CST; 4s ago
    Process: 28943 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
    Main PID: 28951 (Ser – sleeping)
    Tasks: 1 (limit: 4915)
    CGroup: /system.slice/lfd.service
    └─28951 Ser – sleeping

    Feb 02 22:15:10 VPS systemd[1]: Stopping ConfigServer Firewall & Security – Ser…
    Feb 02 22:15:10 VPS systemd[1]: lfd.service: Main process exited, code=killed, status=9/KILL
    Feb 02 22:15:10 VPS systemd[1]: Stopped ConfigServer Firewall & Security – Ser.
    Feb 02 22:15:10 VPS systemd[1]: lfd.service: Unit entered failed state.
    Feb 02 22:15:10 VPS systemd[1]: lfd.service: Failed with result ‘signal’.
    Feb 02 22:15:10 VPS systemd[1]: Starting ConfigServer Firewall & Security – Ser…
    Feb 02 22:15:11 VPS systemd[1]: Started ConfigServer Firewall & Security – Ser.
    Please help us to see this is what ah,How to deal with it,Thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *