
CSF Install

kcaj

New Member
I've installed CSF on my Debian 7 VPS. Here are a few lines from /etc/csf/csf.conf


###############################################################################
# SECTION:IPv4 Port Settings
###############################################################################
# Lists of ports in the following comma separated lists can be added using a
# colon (e.g. 30000:35000).

# Allow incoming TCP ports
TCP_IN = "22"

# Allow outgoing TCP ports
TCP_OUT = "22,53,80"

# Allow incoming UDP ports
UDP_IN = "53,161"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "53"

# Allow incoming PING
ICMP_IN = "1"

# Set the per IP address incoming ICMP packet rate
# To disable rate limiting set to "0"
ICMP_IN_RATE = "1/s"

# Allow outgoing PING
ICMP_OUT = "1"

# Set the per IP address outgoing ICMP packet rate (hits per second allowed),
# e.g. "1/s"
# To disable rate limiting set to "0"
ICMP_OUT_RATE = "1/s"

My problem is a web panel on port 9091 is still accessible. I have configured the port as open in CSF, so why is it open? CSF does seem to be working to an extent; I initially forgot to open port 161 for SNMP access and the Observium poll server reported the server as being down as it couldn't reach SNMP.

Why is 9091 still open?
 

Lee

Retired Staff
Verified Provider
Are you sure CSF is running?  Did you switch it from the default test mode into production? 
 

TruvisT

Server Management Specialist
Verified Provider
CSF will automatically whitelist your IP so it will always be open to you.
 

Dylan

Active Member
CSF will automatically whitelist your IP so it will always be open to you.
Bingo - check /etc/csf/csf.allow. You can just remove the automatically added IP if you want to make sure everything's working properly.
 

fixidixi

Active Member
you can of course also enable only the port that you need instead of allowing "everything"..

tcp/udp:in/out:s/d=3306:s/d=10.9.1.1
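
A checker for the three causes raised in the replies above (testing mode, the port lists, and whitelisted IPs in /etc/csf/csf.allow), as an added example that is not part of the original thread. The sample file contents are constructed, and the csf.allow parsing is simplified: any entry containing "=" is treated as a port-specific filter like the one shown above.

```python
import re

# Constructed sample file contents (not the poster's real files).
SAMPLE_CONF = 'TESTING = "1"\nTCP_IN = "22,30000:35000"\n'
SAMPLE_ALLOW = (
    "# constructed csf.allow\n"
    "203.0.113.7 # constructed admin IP\n"
    "tcp:in:d=3306:s=10.9.1.1\n"
)

def parse_conf(text):
    """Return {KEY: value} for csf.conf lines of the form KEY = "value"."""
    return dict(re.findall(r'^[ \t]*([A-Z0-9_]+)[ \t]*=[ \t]*"([^"]*)"', text, re.M))

def port_listed(port, spec):
    """True if port is in a comma-separated list that may hold lo:hi ranges."""
    for item in filter(None, (s.strip() for s in spec.split(","))):
        lo, _, hi = item.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def blanket_allows(text):
    """Plain IP/CIDR entries in csf.allow: allowed on every port."""
    found = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        # Simplification: "=" marks an advanced (port-specific) filter line.
        if entry and "=" not in entry and not entry.lower().startswith("include"):
            found.append(entry)
    return found

def diagnose(port, conf_text, allow_text):
    """List reasons a TCP port could be reachable despite the port lists."""
    conf = parse_conf(conf_text)
    reasons = []
    if conf.get("TESTING", "0") != "0":
        reasons.append("TESTING is on: csf is not in production mode")
    if port_listed(port, conf.get("TCP_IN", "")):
        reasons.append(f"port {port} is listed in TCP_IN")
    for ip in blanket_allows(allow_text):
        reasons.append(f"{ip} is in csf.allow and bypasses the port lists")
    return reasons

if __name__ == "__main__":
    for reason in diagnose(9091, SAMPLE_CONF, SAMPLE_ALLOW):
        print(reason)
```

To run it against a real install, pass the contents of /etc/csf/csf.conf and /etc/csf/csf.allow to `diagnose` in place of the samples.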
 

kcaj

New Member
you can of course also enable only the port that you need instead of allowing "everything"..

tcp/udp:in/out:s/d=3306:s/d=10.9.1.1
Yes, I have been doing this over the past few days.

I've hit another problem though. I run transmission-daemon on one of my boxes and am unable to get it working with a firewall enabled. I've tried opening the relevant TCP/UDP ports in settings and for the trackers but am unable to get it to load. Adding a magnetized transfer won't even load the details.
 