ConfigServer Security & Firewall (CSS) is an iptables based firewall for Linux systems. In our previous tutorial read installation tutorial of CSF on Linux system. CSF also provides in-built web UI for the managing firewall from the web interface. In this tutorial, you will find how to enable CSF Firewall Web UI on your system.
CSF UI required some of Perl modules to be installed on your system. Use the following commands to install required modules as per your operating system.
Debian based systems:
$ sudo apt-get install libio-socket-ssl-perl libcrypt-ssleay-perl \ libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl
Redhat based systems:
$ sudo yum install perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN \ perl-IO-Socket-INET6 perl-Socket6
To enable CSF web UI edit /etc/csf/csf.conf file in your favorite text editor and update the following values.
$ sudo vim /etc/csf/csf.conf
# 1 to enable, 0 to disable web ui UI = "1" # Set port for web UI. The default port is 6666, but # I change this to 1025 to easy access. Default port create some issue # with popular chrome and firefox browser (in my case) UI_PORT = "1025" # Leave blank to bind to all IP addresses on the server UI_IP = "" # Set username for authetnication UI_USER = "admin" # Set a strong password for authetnication UI_PASS = "admin"
After making changes, edit /etc/csf/ui/ui.allow configuration file and add your public IP to allow access to CSF UI. Change OUR_PUBLIC_IP_ADDRESS with your public IP address.
$ sudo echo "YOUR_PUBLIC_IP_ADDRESS" >> /etc/csf/ui/ui.allow
Web UI works under lfd daemon. So restart the lfd daemon on your system using the following command.
$ sudo service lfd restart
Now, access CSF UI on your browser with the specified port. For this tutorial, I have used 1025 port. This will prompt for user authentication first. After successful login, you will find the screen like below.
Allow IP Address – You can use below option to allow any IP quickly. This add the entry in /etc/csf/csf.allow file.
Deny IP Address – You can use below option to deny any IP quickly. This add the entry in /etc/csf/csf.deny file.
Unblock IP Address – You can use below option to quickly unblocked any IP which is already blocked by CSF.