CentOS 8 has a default firewall application who is FirewallD.
Config Server Firewall (or CSF) is a free and advanced firewall for most Linux distributions and Linux based VPS. In addition to the basic functionality of a firewall – filtering packets – CSF includes other security features, such as login/intrusion/flood detections.
As mentioned CSF includes UI integration for cPanel, DirectAdmin and Webmin, but this tutorial only covers the command line usage. CSF is able to recognize many attacks, such as port scans, SYN floods, and login brute force attacks on many services. It is configured to temporarily block clients who are detected to be attacking the cloud server.
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y
Most Perl modules must be installed by default when you install Perl on your system , but you will need to manually install the following Perl modules.
dnf install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph wget tar perl-Math-BigInt
Download and install the latest CSF archive source code using the wget command from the following URL.
When you have finished the installation, run the “csftest.pl” script to check if your system has the required iptable modules.
Make a note: You should not run any other iptables firewall configuration script. For example, if you previously used APF+BFD you can remove them by running the below script.
If you are using modern Linux distributions, disable the firewalld service using the systemctl command.
systemctl stop firewalld
Run the following command to enable the lfd daemon otherwise it will fail to start. To do so, you need to change the value “TESTING = 1” to “TESTING = 0” in the file “/etc/csf/csf.conf” using the sed command.
sed 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf
Run the following command to restart the CSF firewall for changes to take effect. You can easily manage the CSF firewall using the csf command.