Enable UI in CSF Firewall on CentOS
CSF Firewall come with standalone UI. This is disabled by default. On CentOS, install following requirments
yum install perl-IO-Socket-SSL perl-Net-SSLeay perl-Net-LibIDN perl-IO-Socket-INET6 perl-Socket6
Edit CSF configuration file
vi /etc/csf/csf.conf
Find
UI = "0"
Replace with
UI = "1"
Change following settins as needed.
UI_PORT = "6666" UI_USER = "username" UI_PASS = "password"
By Default, only whitelisted IP can access the UI, to white list your IP, run
echo "YOUR_IP_ADDR" >> /etc/csf/ui/ui.allow
If you want to allow CSF UI from all IP address, then set UI_ALLOW to 0 in csf.conf
UI_ALLOW = "0"
CSF use a self signed SSL, if you have an SSL cert, you can use it. SSL certificate is avaiable in folder
/etc/csf/ui/
To use LetsEncrypt Free SSL certificate for CSF UI, i set symlink to ssl cert.
cd /etc/csf/ui mv server.key server.key.old mv server.crt server.crt.old ln -s /etc/letsencrypt/live/DOMAIN/fullchain.pem server.crt ln -s /etc/letsencrypt/live/DOMAIN/privkey.pem server.key
Now restart CSF and LDF
systemctl restart lfd systemctl restart csf
You will see CSF UI running on port 6666.
[root@grupo conf.d]# netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:6666 0.0.0.0:* LISTEN 20605/lfd UI tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 23918/mysqld tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 2203/perl tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1275/master tcp 0 0 0.0.0.0:3333 0.0.0.0:* LISTEN 19061/sshd tcp6 0 0 :::80 :::* LISTEN 19810/httpd tcp6 0 0 ::1:25 :::* LISTEN 1275/master tcp6 0 0 :::443 :::* LISTEN 19810/httpd tcp6 0 0 :::3333 :::* LISTEN 19061/sshd [root@grupo conf.d]#