
Firewall

Discussion in 'General Discussion' started by DReade83, Oct 21, 2006.

  1. DReade83

    Can anyone recommend any decent firewalls that use minimal CPU/memory and run on CentOS 4.4?
     
  2. jayh38

    CSF is excellent.
     
  3. DTmonk

    Try this one.

    Hey bro,

    I found this 2 days back, and it works great for WHM/cPanel servers.
    Although it's a little tricky if you have a VPS server, I got mine to work on my real servers and my VPS servers.

    My WHM/cPanel versions:
    WHM 10.8.0 cPanel 10.9.0-R47
    CentOS 4.4 i686 - WHM X v3.1.0

    Firewall URL:
    http://www.configserver.com/cp/csf.html

    Enjoy!!

    DTmonk
    -----------
    -----------
     
  4. DTmonk

    Oh, and one last thing: when you are configuring your firewall, be careful of this option (LF_PARSE = ??)

    If you set this option higher than 59 seconds, then you'll find your server using 20-50% of its CPU, but if you set it to 59 seconds like I have, then your server won't even feel any stress. I think it's a bug or something. Other than that, I'm smiling all the way, especially with the auto blocking features.
     
  5. DReade83

    Right, I have CSF installed and I'm nearly done with correcting all the warnings in the Security Check screen. The LF_PARSE setting is set to 5. Is this OK?
     
  6. DTmonk

    Nope, because that means it's going to read the logs every 5 seconds, and that's no good as it is too stressful. Rather set it to 59 seconds like I have.

    I will see if I can post my config file for you, then you can see what works for me.

    Back in 15 min.

    Ciao!!
     
  7. DTmonk

    Part (1) of my settings.

    # Copyright 2006, Way to the Web Limited
    # URL: http://www.waytotheweb.com
    # Email: sales@waytotheweb.com
    ###############################################################################


    TESTING = 0


    TESTING_INTERVAL = 1


    AUTO_UPDATES = 0


    ETH_DEVICE =

    # Unfiltered ethernet devices in a comma separated list (e.g "eth1,eth2")
    ETH_DEVICE_SKIP =

    # Lists of ports in the following comma separated lists can be added using a
    # colon (e.g. 30000:35000).

    # Allow incoming TCP ports
    TCP_IN = 20,21,22,25,53,80,110,143,443,465,953,993,995,2082,2083,2086,2087,2095,2096

    # Allow outgoing TCP ports
    TCP_OUT = 20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703

    UDP_IN = 20,21,53,953


    UDP_OUT = 20,21,53,113,123,873,953,6277
    ICMP: these settings will allow ping to enter and the answer to return, but will still prevent my server
    from participating in a DoS attack, because the server may not start the ping (I did this because the data center is monitoring my server with pings.)

    # Allow incoming PING
    ICMP_IN = 1

    # Allow outgoing PING
    ICMP_OUT = 0


    SMTP_BLOCK = 1

    SMTP_ALLOWLOCAL = 1


    This is for VPS servers only:
    MONOLITHIC_KERNEL = 0


    DROP_LOGGING = 1

    DROP_IP_LOGGING = 1


    DROP_ONLYRES = 1


    DROP_NOLOG = 67,68,111,113,135:139,445,513,520,1026,1027,1234,1433,1434,1524,3127

    PACKET_FILTER = 1


    VERBOSE = 1

    DYNDNS = 0


    ALLOW_RES_PORTS = 0


    DENY_IP_LIMIT = 250


    GLOBAL_ALLOW =
    GLOBAL_DENY =
    LF_GLOBAL =

    LF_DAEMON = 1

    This is very important, because my goal was to stop script brute force but not lock myself or my users out. If you use my settings below, then if you are caught by the logfile daemon, you are only blocked from that port. I think this is best, as I usually go and inspect the blocked IPs, and then add them MANUALLY to my permanent deny list!!



    From here down:

    LF_TRIGGER = 0

    LF_SELECT = 1


    LF_SSHD = 7

    LF_FTPD = 20

    LF_POP3D = 20

    LF_IMAPD = 20


    LF_HTACCESS = 1


    LF_MODSEC = 1

    LF_CPANEL = 20

    LF_CSF = 1


    LF_SSH_EMAIL_ALERT = 1


    LF_SU_EMAIL_ALERT = 1

    To here. All of the above is very important.
     
    #7 DTmonk, Oct 21, 2006
    Last edited: Oct 21, 2006
  8. DTmonk

    Part (2) of my settings.

    LF_SCRIPT_ALERT = 1


    LF_SCRIPT_LIMIT = 300


    LF_SCRIPT_PERM = 0


    LF_DIRWATCH = 300


    LF_DIRWATCH_DISABLE = 1


    LF_DIRWATCH_FILE = 0

    Last Edit: 23/10/2006
    Best you follow chirpy's advice and set LF parser



    LF_INTERVAL = 180

    Very important that you do not set this value too low, or any higher than 59 seconds, as it seems to be buggy and then you'll be using +-50% CPU while LFD is in sleep mode. You can verify for yourself by looking at your current CPU usage.

    Last Edit: 23/10/2006
    Best you follow chirpy's advice and set LF parser to
    [5] seconds
    LF_PARSE = 59 <------------------ correction: please set to five [5]
    LF_EMAIL_ALERT = 1


    LT_EMAIL_ALERT = 1


    LT_POP3D = 60


    LT_IMAPD = 0


    LF_DSHIELD = 7200

    LF_DSHIELD_URL = http://feeds.dshield.org/block.txt


    LF_SPAMHAUS = 7200

    LF_SPAMHAUS_URL = http://www.spamhaus.org/drop/drop.lasso

    Also be careful with these next few options, because I think if you set them too low then you could disturb chat software, as the members may be blocked. So if you are using chat software then play around with these next few settings. This is with regard to (anti-DoS) & connection tracking, (chat software) & (Google spiders). I've set mine high below.

    CT_LIMIT = 300


    CT_INTERVAL = 300


    CT_EMAIL_ALERT = 1

    CT_PERMANENT = 0

    CT_BLOCK_TIME = 300


    PT_LIMIT = 300

    PT_INTERVAL = 300


    PT_SKIP_HTTP = 0


    PT_USERPROC = 10


    PT_SMTP = 0

    # OS settings
     
    #8 DTmonk, Oct 21, 2006
    Last edited: Oct 23, 2006
  9. DTmonk

    Hey bro, I hope that will help you, because I have tested those settings myself and have also tested the brute force protection myself. Every day so far, this firewall has saved me bandwidth & personal stress, because within 2 minutes of a brute force password attack on my servers, this firewall is stopping and blocking the attackers.

    I smile every day when I look at my logs and see another one added to my blocklist.
    My settings really work, although I'm still busy tweaking more.

    Ciao!!

    :D
    DTmonk
    ----------
    ----------
     
  10. DReade83

    Cool, thanks for the info. The software appears to do a really good job, so thank you for recommending it. :D
     
  11. rikgarner

    Chirpy's CSF is by far the best firewall and set of security-related tools I have seen for cPanel, and he is a valued member of the cPanel community.

    Rich
     
  12. chirpy

    That's not accurate, as I mentioned in the main CSF thread. You should leave it at 5 seconds for very good performance reasons.
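To make the thresholds in DTmonk's settings and chirpy's LF_PARSE correction concrete, here is an added example (not CSF's own code, which is Perl, and not from anyone in this thread). It parses a constructed csf.conf fragment built from the values posted above, flags an LF_PARSE other than 5, and applies LF_SSHD and LF_INTERVAL to constructed sshd log lines the way lfd's login-failure detection does, in a simplified model that is an assumption rather than CSF's actual algorithm.

```python
import re
from datetime import datetime, timedelta
# Constructed csf.conf excerpt with the thread's values, LF_PARSE at 5 per chirpy.
CSF_CONF = """
LF_TRIGGER = 0
LF_SELECT = 1
LF_SSHD = 7
LF_INTERVAL = 180
LF_PARSE = 5
"""
# Constructed /var/log/secure lines: 203.0.113.5 fails 7 times within 120 s,
# 198.51.100.9 fails once and then logs in successfully.
SAMPLE_LOG = [
    f"Oct 21 10:{i // 3:02d}:{20 * i % 60:02d} host sshd[{1000 + i}]: Failed password "
    f"for root from 203.0.113.5 port {4000 + i} ssh2" for i in range(7)
] + [
    "Oct 21 10:00:30 host sshd[1010]: Failed password for invalid user test from 198.51.100.9 port 4100 ssh2",
    "Oct 21 10:01:00 host sshd[1011]: Accepted password for dreade from 198.51.100.9 port 4101 ssh2",
]
SSH_FAIL = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .* from (\d+(?:\.\d+){3})")

def parse_csf_conf(text):
    """Parse csf.conf-style 'KEY = VALUE' lines, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip().strip('"')
    return conf

def config_warnings(conf):
    """Flag the setting this thread argued over: LF_PARSE should stay at 5."""
    parse = conf.get("LF_PARSE")
    return [] if parse == "5" else [f"LF_PARSE = {parse}: leave at 5 (see chirpy's reply)"]

def ips_to_block(lines, conf, year=2006):
    """Simplified lfd model (assumption, not CSF's code): an IP is blocked once it
    reaches LF_SSHD failed sshd logins inside any LF_INTERVAL-second window."""
    limit, window = int(conf["LF_SSHD"]), timedelta(seconds=int(conf["LF_INTERVAL"]))
    fails = {}
    for line in lines:
        if m := SSH_FAIL.match(line):
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            fails.setdefault(m.group(2), []).append(ts)
    blocked = []
    for ip, times in sorted(fails.items()):
        times.sort()
        # sliding window: from each failure, count the failures that follow within LF_INTERVAL
        if any(sum(t - start <= window for t in times[i:]) >= limit for i, start in enumerate(times)):
            blocked.append(ip)
    return blocked
```

With LF_SELECT = 1 as in the posted settings, a real lfd block would apply only to the port the failures came from; this model only decides which IPs cross the threshold.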
     