CSF Features
1
- Cpanel CSF Firewall
, , , , .
DDOS , , , .
Configserver Security Firewall
Firewall ,, CSF .
.
Centos Ubuntu .
CSF
iptables . Login Failure Daemon LFD. LFD log cpanel webmin .
###########################################
(Features ) :
###########################################
Login authentication failure daemon:
LOG , .
Process tracking :
. .
Directory watching :
.
Messenger service :
, .
Port flood protection:
flood attacks , .
Port knocking :
( ) ^_^ .
Connection limit protection :
.
Port/IP address redirection :
. network address translation .
UI integration :
cpanel webmin .
IP block lists:
, rule , lists .
http://configserver.com/cp/csf.html
###########################################
:
###########################################
Root :
, :
tar -xzf csf.tgz
:
cd csf
sh install.sh
, testing mode . testing mode .
nano /etc/csf/csf.conf
test mode 0 .
csf -r
,, .
:
csf.conf : .
csf.allow : .
csf.deny : .
tcp udp .
.
:
<strong>csf --deny ip comment</strong>
1 |
<strong>csf --deny ip comment</strong> |
comment :
csf deny 95.211.108.166 [I dont like iSecur1ty]
:
csf add 95.211.108.166 [mohamed askar is a good person ]
, CIDR notation , csf.allow csf.deny , .
tcp/udp|in/out|s/d=port|s/d=ip|u=uid
1 |
tcp/udp|in/out|s/d=port|s/d=ip|u=uid |
1 :
tcp|in|d=3306|s=11.22.33.44
1 |
tcp|in|d=3306|s=11.22.33.44 |
11.22.33.44 3306 tcp .
2 :
tcp|out|d=22|d=11.22.33.44
1 |
tcp|out|d=22|d=11.22.33.44 |
11.22.33.44 22 tcp .
3 :
icmp|in|d=ping|s=44.33.22.11
1 |
icmp|in|d=ping|s=44.33.22.11 |
icmp 44.33.22.11
4 :
tcp|in|d=22|s=www.isecur1ty.org
1 |
tcp|in|d=22|s=www.isecur1ty.org |
.
csf.conf :
:
incoming outgoing udp . , . Port knocking .
ICMP_IN
1 ping 0 ping .
ICMP_IN_LIMIT :
ping .
DENY_IP_LIMIT:
,, ,, CIDR 192.168.1.1/22 .
PORTFLOOD :
. :
PORTFLOOD = 22;tcp;5;300,80;tcp;20;5
22 300 tcp , 80 . 80 , 22 80 20 .
Connection Limit Protection :
<strong>CONNLIMIT :</strong>
1 |
<strong>CONNLIMIT :</strong> |
DOS attacks , . xt_connlimit iptable .
:
22 80 .
:
CSF
<strong>csf -e Or csf --enable </strong>
1
2
3
4 |
<strong>csf -e
Or
csf --enable
</strong> |
CSF :
<strong>csf -x Or csf --disable</strong>
1
2
3 |
<strong>csf -x
Or
csf --disable</strong> |
CSF :
<strong>csf -r Or csf --restart</strong>
1
2
3 |
<strong>csf -r
Or
csf --restart</strong> |
:
<strong>csf -f Or csf --stop</strong>
1
2
3 |
<strong>csf -f
Or
csf --stop</strong> |
ipv4 :
<strong>csf -l Or csf --status</strong>
1
2
3 |
<strong>csf -l
Or
csf --status</strong> |
csf.deny :
<strong>csf -dr Or csf --denyrm ip</strong>
1
2
3 |
<strong>csf -dr
Or
csf --denyrm ip</strong> |
ip .
csf.deny :
<strong>csf -df Or csf --denyf</strong>
1
2
3 |
<strong>csf -df
Or
csf --denyf</strong> |
.
<strong>csf -g Or csf --grep ip </strong>
1
2
3
4 |
<strong>csf -g
Or
csf --grep ip
</strong> |
,, IP .
: