In this article, we explain the steps needed to install CSF Firewall on Debian 11. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.
ConfigServer Security & Firewall (CSF) is a free and advanced firewall management tool based on iptables. In addition to the basic firewall function of filtering packets, CSF includes other security features, such as login, intrusion and flood detection. One of the very nice features of CSF is that it provides a built-in web UI for managing the firewall from a web browser. This UI integration is supported by cPanel and DirectAdmin, and it also works independently on your server.
Install CSF Firewall on Debian 11
Step 1. The first commands update the package lists and upgrade installed packages so you get the latest versions, then install the dependencies CSF needs.
sudo apt update
sudo apt upgrade
sudo apt install libio-socket-inet6-perl libsocket6-perl
sudo apt install sendmail dnsutils unzip libio-socket-ssl-perl
sudo apt install libcrypt-ssleay-perl git perl iptables libnet-libidn-perl
Step 2. Install CSF Firewall on the Debian 11 Bullseye system.
Download the latest version of Config Server Firewall (or CSF) from their official site:
wget http://download.configserver.com/csf.tgz
Once the file is downloaded, extract it before it can be used:
sudo tar -xvzf csf.tgz
Next, install CSF Firewall using the following command:
cd csf
sudo sh install.sh
The installation of the firewall is complete, but it is best to check that the iptables modules CSF requires to function properly are available. You can do that with the command:
sudo perl /usr/local/csf/bin/csftest.pl
After that, start CSF and enable it to start on boot by running the following commands:
sudo systemctl start csf
sudo systemctl enable csf
Step 3. Configure CSF.
CSF can be configured by editing its configuration file csf.conf in /etc/csf:
sudo nano /etc/csf/csf.conf
Modify the following lines:
# For testing environment the value should be TESTING = "1" and for production environment, the value should be TESTING = "0".
TESTING = "0"
# To enable log
RESTRICT_SYSLOG = "3"
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"
# Allow incoming UDP ports
UDP_IN = "20,21,53"
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123"
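A check worth running on the edited file: confirm TESTING is at its production value and list any TCP_IN ports that no service on the host is listening on, since each one is an opening the firewall does not need. The script below is an added example, not part of CSF or of the original tutorial; the function names csf_get, csf_unused_tcp_in and csf_audit are hypothetical, and the sample file and listening-port list are constructed.

```shell
#!/bin/sh
# Added example (not part of CSF): review a csf.conf-style file.

# Print the value of setting $1 from the file $2 (lines of the form KEY = "value").
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Print each TCP_IN entry in file $1 that no listening port in $2 falls into.
# $2 is a space-separated port list; on a live host it could come from:
#   ss -Htln | awk '{sub(/.*:/,"",$4); print $4}' | sort -un
csf_unused_tcp_in() {
    for entry in $(csf_get TCP_IN "$1" | tr ',' ' '); do
        lo=${entry%%:*}; hi=${entry##*:}   # "lo:hi" is a port range; a single port gives lo=hi
        used=no
        for p in $2; do
            if [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ]; then used=yes; break; fi
        done
        [ "$used" = yes ] || printf '%s\n' "$entry"
    done
}

# Print findings for file $1 given listening ports $2; return 1 if there are any.
csf_audit() {
    rc=0
    if [ "$(csf_get TESTING "$1")" != "0" ]; then
        echo "TESTING is not \"0\" (the production value)"; rc=1
    fi
    unused=$(csf_unused_tcp_in "$1" "$2" | tr '\n' ' ')
    if [ -n "$unused" ]; then
        echo "TCP_IN allows ports with no listener: $unused"; rc=1
    fi
    return $rc
}

# Constructed sample: the tutorial's TCP_IN on a host that only runs SSH and a web server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TESTING = "1"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
EOF
csf_audit "$sample" "22 80 443" || echo "review the file before applying it"
rm -f "$sample"
```

On a real host, pass /etc/csf/csf.conf as the first argument and the ports reported by ss as the second.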
Now that you have configured all the settings in the csf.conf file, it is time to update the ruleset to apply the changes.
sudo csf -r
That’s all you need to do to install the CSF Firewall on Debian (Bullseye). I hope you find this quick tip helpful. For further reading on CSF Firewall on Debian, please refer to their official knowledge base. If you have questions or suggestions, feel free to leave a comment below.