Install Config Server Firewall:
There are two top-quality firewalls available: APF (Advanced Firewall Policy) & CSF (Config Server Firewall). There is an unending debate on which is better.
Most people believe that CSF is better because it offers more configuration options.
Only one of the two can be installed at any one time.
service iptables status
and install it with the command
yum install iptables* -y
Install CSF (Config Server Firewall)
(If APF + BFD is already installed, it should be removed with the command
Download and install CSF
tar zxvf csf.tgz
Then start CSF
And edit its configuration file
You can leave all the values at their default but change the testing flag to ‘0’
This will cause the firewall to start.
To access the various commands, such as adding or removing an IP address to be blocked or whitelisted, showing the configuration, stopping, restarting, etc., type
and all the options will show
CSF now incorporates a “Login Failure Daemon” (lfd), which scans the latest log file entries for login attempts. If there are repeated failures, the daemon assumes that there is a “brute-force attack” and blocks the IP address for both incoming and outgoing connections. The result is that, from a blocked address, not only can you not log in over SSH, you also cannot access the website.
The log file records the details of the IPs that are blocked. It can be accessed here:
A typical entry is like this
Aug 9 15:17:05 vps lfd: (sshd) Failed SSH login from 18.104.22.168 (DE/Germany/boemann.de): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
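To review these block entries in bulk rather than by eye, the following added example (not part of the original tutorial or of CSF itself) parses lines in the format shown above and lists addresses that were blocked more than once. The sample lines are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the format of the entry shown above.
# Addresses are from documentation ranges; host names are placeholders.
SAMPLE_LOG = """\
Aug 9 15:17:05 vps lfd: (sshd) Failed SSH login from 192.0.2.10 (DE/Germany/host.example): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug 9 15:20:41 vps lfd: (sshd) Failed SSH login from 198.51.100.7 (IN/India/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug 9 16:02:13 vps lfd: (sshd) Failed SSH login from 192.0.2.10 (DE/Germany/host.example): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug 9 16:05:00 vps lfd: some other lfd message that is not a block entry
"""

BLOCK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) lfd(?:\[\d+\])?: "
    r"\((?P<service>[^)]+)\) (?P<reason>.+?) from (?P<ip>\S+) "
    r"\((?P<cc>[^/]*)/(?P<country>[^/]*)/(?P<rdns>[^)]*)\): "
    r"(?P<count>\d+) in the last (?P<window>\d+) secs - \*Blocked in csf\* "
    r"\[(?P<trigger>\w+)\]"
)

def parse_blocks(text):
    """Return one dict per lfd block entry; all other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = BLOCK_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        try:
            ipaddress.ip_address(entry["ip"])  # drop anything that is not an IP
        except ValueError:
            continue
        entry["count"] = int(entry["count"])    # failures seen
        entry["window"] = int(entry["window"])  # within this many seconds
        # Note: rdns comes from the remote side's PTR record, so treat it
        # as untrusted text and key any decisions on the IP instead.
        entries.append(entry)
    return entries

def repeat_offenders(entries, min_blocks=2):
    """IPs that appear in min_blocks or more block entries, most frequent first."""
    counts = Counter(e["ip"] for e in entries)
    return [ip for ip, n in counts.most_common() if n >= min_blocks]

if __name__ == "__main__":
    blocks = parse_blocks(SAMPLE_LOG)
    for e in blocks:
        print(e["ts"], e["ip"], e["cc"], e["trigger"], f'{e["count"]}/{e["window"]}s')
    print("blocked more than once:", repeat_offenders(blocks))
```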
One great thing about the lfd daemon is that you can receive an email every time there is a login attempt. To enable that, access the csf config file with the command
Now locate the lines “LF_ALERT_TO” and “LF_ALERT_FROM” and enter your email address.
Restart the lfd daemon with the command
service lfd restart
You can also restart csf with the command
Then whenever, there is a You will receive a message like this:
lfd on vps2.me: SSH login alert for user superuser from 22.214.171.124 (IN/India/triband-mum-126.96.36.199.mtnl.net.in)