As the name suggests, a firewall is a blockade of sorts, and is meant for security. At its core, a firewall simply prevents unauthorized access into or out of a computer network. Real-world firewalls should be based on hardware or software, A server, just like a desktop or laptop, can benefit from the security a firewall provides.
Every Linux server will have IPtables installed by default, which is provided by the kernel. The problem is administering IPtables will likely be daunting. It typically requires command line access, knowledge of chains and rules, and difficult-to-follow syntax. Not many users want to learn all of this just to keep one or two foreign hosts from accessing their server. Fortunately, a number of graphical front-ends exist that make administering IPtables pretty easy.
ConfigServer Firewall (CSF) is one of the most popular front-ends. If you have a cPanel VPS or dedicated server, CSF will be preinstalled (but disabled). You can administer ConfigServer Firewall by clicking on “Plugins” and selecting “ConfigServer Security&Firewall” at the bottom of the left-hand menu in WHM. Make sure it is enabled by clicking the “Firewall Enable” button. For many users, the most useful functions here are:
- Quick Allow: Allow an IP address through the firewall
- Quick Deny: Block IP address
- Quick Unblock: Remove a currently blocked IP
- Search for IP: Searches IPtables for an IP
CSF is also easy to configure from the shell environment. For command line practitioners, here are some quick commands that will perform the same functions listed above. As the root user:
- Allow an IP:
/usr/sbin/csf -a IP.AD.DRE.SS
- Deny an IP:
/usr/sbin/csf -d IP.AD.DRE.SS
- Unblock an IP:
/usr/sbin/csf -dr IP.AD.DRE.SS
- Search for an IP:
/usr/sbin/csf -g IP.AD.DRE.SS
With straightforward graphical interface – or by running a few simple commands – you can see how managing the firewall can be easy. The Internet has been often referred to as the Wild West and full of “bad guys.” Fortunately, we have user-friendly tools like ConfigServer Firewall to help keep the e-criminals at bay.