Install and Setup CSF / LFD on CentOS

Latest Update: 11/25/2015 00:44

Firewall Automated Blocking

Firewall on automated blocking for brute force exploit

I have written an article explaining what is a CSF / LFD service/module and this time, we are going to install them.


Straight-forward SPI iptables firewall script
Daemon process that checks for login authentication failures for:
– Courier imap, Dovecot, uw-imap, Kerio
– openSSH
– cPanel, WHM, Webmail (cPanel servers only)
– Pure-ftpd, vsftpd, Proftpd
– Password protected web pages (htpasswd)
– Mod_security failures (v1 and v2)
– Suhosin failures
– Custom login failures with separate log file and regular expression matching
POP3/IMAP login tracking to enforce logins per hour
SSH login notification
SU login notification
Excessive connection blocking
UI Integration for cPanel, DirectAdmin and Webmin
Easy upgrade between versions from shell
Auto-configures the SSH port if it’s non-standard on installation
Block traffic on unused server IP addresses
Alert when end-user scripts sending excessive emails per hour
Suspicious process reporting
Excessive user processes reporting
Excessive user process usage reporting and optional termination
Suspicious file reporting
Directory and file watching
Block traffic on the DShield Block List and the Spamhaus DROP List
BOGON packet protection
Works with multiple ethernet devices
Server Security Check
Allow Dynamic DNS IP addresses
and many more!


We need to disable and turnoff existing firewalls since this may cause conflicts or issues. Centos 7 comes preinstalled with firewalld and with iptables. Some custom ROM’s have this modules deactivated.

Clean yum cache packages and cache headers. This will prevent potential errors due to caching.

Update yum packages as a good practice

Optional IP Tables (Recommended for Centos 7 / RHEL )

If you are using Centos 7, you may want to install iptables. As you notice, I prefer to use yum instead of RPM (Red Hat Package Manager) since the later causes issues with Centos.

If you have installed iptables, make sure to create the default files needed by that module. They can be easily created using the touch command.


CSF and LFD needs perl modules, unzip, host (from bind utils) and a few more utility packages. You only need to install bind-utils if your server have no webhost components installed (example: your server a pure proxy server or a file server). You can install the missing components later since CSF and LFD will tell you what packages are missing based on what you have configured.

Install Bind-Utils for Host Component (Optional)

In case you don’t have host module, you can easily add it using this command. If your server is hosting a website, chances are, you already have a running host module.

Change directory to your temp directory or you can also use your home directory. This directory will be used as our download location for the course of our installation.

Download the source file from ConfigServer

Decompress our downloaded source file using Tar, you may need to install Tar for those who loved minimal OS installation since sometimes, they don’t come preinstalled on minimal.

Tar is the equivalent of WinZip in Linux and Tar compress much better than WinZip.

Time to decompress

And then finally install CSF /LFD bundle

After completing the installation process, CSF will automatically start but it will be on “Test Mode” and you need to configure a few settings.  You will be surprised that the guys at ConfigServer have done a great job of giving you an almost complete configuration for your CSF firewall. One of my installation only needs me to remove the “Test Mode” status by changing 1 variable setting.

File Clean Up

It is a good practice to delete the downloaded file since we no longer need them. It saves disk space but it is not our main concern, deleting the source files removes clutter.

Please take note that you need to supply the correct directory when deleting the files and be sure that the character casing is correct. All *Nix system are case sensitive.

Recommended Ports to Keep Open

List of ports that usually should be open but recommended to be closed if you are not using them.

  • Port 20: FTP data transfer
  • Port 21: FTP control
  • Port 22: Secure shell (SSH)
  • Port 25: Simple mail transfer protocol (SMTP)
  • Port 53: Domain name system (DNS)
  • Port 80: Hypertext transfer protocol (HTTP)
  • Port 110: Post office protocol v3 (POP3)
  • Port 113: Authentication service/identification protocol
  • Port 123: Network time protocol (NTP)
  • Port 143: Internet message access protocol (IMAP)
  • Port 443: Hypertext transfer protocol over SSL/TLS (HTTPS)
  • Port 465: URL Rendesvous Directory for SSM (Cisco)
  • Port 587: E-mail message submission (SMTP)
  • Port 993: Internet message access protocol over SSL (IMAPS)
  • Port 995: Post office protocol 3 over TLS/SSL (POP3S)
  • Port 3128: Squid Proxy Server default port


The TechnoJunkie of the group who studied engineering but got stuck with software development. Remember kids, 90% of your problems can be solved by marketing. Solving the other 10% just requires good procrastination skills.

You may also like...

2 Responses

  1. December 1, 2015

    […] you have installed CSF / LFD, you can add the user interface to manage this module inside […]

  2. December 2, 2015

    […] you have installed CSF / LFD, you can add the user interface to manage this module inside […]

Leave a Reply

%d bloggers like this: