What is a CSF / LFD
ConfigServer Security & Firewall (CSF) is a stateful packet inspection firewall (SPI), login, intrusion detection, and security application for most Linux distributions and Linux based VPS. A free firewall for almost all Linux System made possible by ConfigServer.
CSF is versatile enough to host more features other than the standard filtering of packets. CSF can give you login detection, brute force detection, system intrusion and flood detection. CSF have a UI integration for cPanel, DirectAdmin and Webmin.
CSF can also detect port scans, SYN flood and can temporarily or permanently block clients who are flagged as an attacker.
What CSF can do
- CSF can be configured to track processes in order to detect suspicious processes or open network ports, and send an email to the system administrator if any is detected.
- CSF can monitor your temp directory and script directory for suspicious modifications can easily alert you via email. Most intrusions includes file mofication on the server level.
- CSF can provide a messenger service which informs the client why the connection failed. Messenger service is a double edge sword, you are providing more information to the client which lessen the frustration level he is getting but on the other hand makes things easier for the attacker.
- CSF can give a port flood protection. CSF can limit the maximum connection to a given port allowing more protection to the server. Setting the limit lower blocks port scanner at some level but on the other hand will cause disconnections on legit connections. Setting the limit high will give the attacker more freedom to attack your server.
- CSF allows clients to establish connections a server with no ports open using the Port Knocking feature. The server allows clients connect to the main ports only after a successful port knock sequence. This is a very useful feature for limited audience system.
- CSF can limit the number of connections from a given IP address which effectively can reduce DOS (Denial Of Service) attacks but wont hold on DDOS (Distributive Denial Of Service)
- CSF can also IP and port forward like a proxy server. The only difference is that all forwarded IP and Port will reflect the servers IP and Port as the source. Please note that this is not even close to a NAT system.