How to install CSF and Configure on Oracle Linux 8.8
- 00:35 cat /etc/os-release
- 00:55 yum install perl-libwww-perl
- 01:56 cd /usr/src/
- 02:04 wget https://download.configserver.com/csf.tgz
- 02:28 tar xzf csf.tgz
- 02:40 cd csf/
- 02:55 sh install.sh
- 03:32 perl /usr/local/csf/bin/csftest.pl
- 03:58 systemctl stop firewalld
- 04:11 systemctl disable firewalld
- 04:32 vim /etc/csf/csf.conf
- 05:11 systemctl restart lfd csf
- 05:30 systemctl enable csf lfd
- 05:47 systemctl is-active csf lfd
- 05:57 csf -v
- 06:12 csf -l
To install CSF and Configure on Oracle Linux 8.8
Introduction:
CSF stands for ConfigServer Security & Firewall. It provides a range of security features, including login, intrusion, and flood detection. The platform also offers UI integration for cPanel, DirectAdmin, and Webmin.
Installation Steps:
Step 1: Check the OS version by using the below command
[root@linuxhelp ~]# cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="8.8"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="8.8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Oracle Linux Server 8.8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:8:8:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://github.com/oracle/oracle-linux"
ORACLE_BUGZILLA_PRODUCT="Oracle Linux 8"
ORACLE_BUGZILLA_PRODUCT_VERSION=8.8
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=8.8
Step 2: Install the supporting packages by using the below command
[root@linuxhelp ~]# yum install perl-libwww-perl
Last metadata expiration check: 0:00:23 ago on Saturday 24 June 2023 01:36:13 AM IST.
Dependencies resolved.
===============================================================================
Package Arch Version Repository Size
===============================================================================
Installing:
perl-libwww-perl noarch 6.34-1.module+el8.3.0+7692+542c56f9
ol8_appstream 212 k
Installing dependencies:
perl-Compress-Raw-Bzip2 x86_64 2.081-1.el8 ol8_baseos_latest 40 k
perl-Compress-Raw-Zlib x86_64 2.081-1.el8 ol8_baseos_latest 68 k
perl-Data-Dump noarch 1.23-7.module+el8.3.0+7692+542c56f9
ol8_appstream 37 k
perl-Digest-HMAC noarch 1.03-17.module+el8.3.0+7692+542c56f9
ol8_appstream 20 k
perl-Digest-SHA x86_64 1:6.02-1.el8 ol8_appstream 66 k
perl-Encode-Locale noarch 1.05-10.module+el8.3.0+7692+542c56f9
ol8_appstream 22 k
perl-File-Listing noarch 6.04-17.module+el8.3.0+7692+542c56f9
ol8_appstream 18 k
perl-HTML-Parser x86_64 3.72-15.module+el8.3.0+7692+542c56f9
ol8_appstream 119 k
perl-HTML-Tagset noarch 3.20-34.module+el8.3.0+7692+542c56f9
ol8_appstream 24 k
perl-HTTP-Cookies noarch 6.04-2.module+el8.3.0+7692+542c56f9
ol8_appstream 39 k
perl-HTTP-Date noarch 6.02-19.module+el8.3.0+7692+542c56f9
ol8_appstream 19 k
perl-HTTP-Message noarch 6.18-1.module+el8.3.0+7692+542c56f9
ol8_appstream 100 k
perl-HTTP-Negotiate noarch 6.01-19.module+el8.3.0+7692+542c56f9
ol8_appstream 22 k
perl-IO-Compress noarch 2.081-1.el8 ol8_baseos_latest 258 k
perl-IO-HTML noarch 1.001-11.module+el8.3.0+7692+542c56f9
ol8_appstream 28 k
perl-LWP-MediaTypes noarch 6.02-15.module+el8.3.0+7692+542c56f9
ol8_appstream 29 k
perl-NTLM noarch 1.09-17.module+el8.3.0+7692+542c56f9
ol8_appstream 24 k
perl-Net-HTTP noarch 6.17-2.module+el8.3.0+7692+542c56f9
ol8_appstream 43 k
perl-TimeDate noarch 1:2.30-15.module+el8.3.0+7692+542c56f9
ol8_appstream 53 k
perl-Try-Tiny noarch 0.30-7.module+el8.3.0+7692+542c56f9
ol8_appstream 45 k
perl-WWW-RobotRules noarch 6.02-18.module+el8.3.0+7692+542c56f9
ol8_appstream 23 k
Transaction Summary
===============================================================================
Install 22 Packages
Total download size: 1.3 M
Installed size: 2.6 M
Is this ok [y/N]: y
Downloading Packages:
(1/22): perl-Compress-Raw-Bzip2-2.081-1.el8.x8 281 kB/s | 40 kB 00:00
(2/22): perl-Data-Dump-1.23-7.module+el8.3.0+7 1.4 MB/s | 37 kB 00:00
(3/22): perl-Compress-Raw-Zlib-2.081-1.el8.x86 349 kB/s | 68 kB 00:00
(4/22): perl-Digest-HMAC-1.03-17.module+el8.3. 1.7 MB/s | 20 kB 00:00
(5/22): perl-IO-Compress-2.081-1.el8.noarch.rp 1.2 MB/s | 258 kB 00:00
(6/22): perl-Encode-Locale-1.05-10.module+el8. 609 kB/s | 22 kB 00:00
(7/22): perl-File-Listing-6.04-17.module+el8.3 847 kB/s | 18 kB 00:00
(8/22): perl-Digest-SHA-6.02-1.el8.x86_64.rpm 1.4 MB/s | 66 kB 00:00
(9/22): perl-HTML-Tagset-3.20-34.module+el8.3. 2.3 MB/s | 24 kB 00:00
(10/22): perl-HTML-Parser-3.72-15.module+el8.3 2.8 MB/s | 119 kB 00:00
(11/22): perl-HTTP-Date-6.02-19.module+el8.3.0 472 kB/s | 19 kB 00:00
(12/22): perl-HTTP-Cookies-6.04-2.module+el8.3 597 kB/s | 39 kB 00:00
(13/22): perl-HTTP-Negotiate-6.01-19.module+el 759 kB/s | 22 kB 00:00
(14/22): perl-IO-HTML-1.001-11.module+el8.3.0+ 632 kB/s | 28 kB 00:00
(15/22): perl-HTTP-Message-6.18-1.module+el8.3 1.7 MB/s | 100 kB 00:00
(16/22): perl-LWP-MediaTypes-6.02-15.module+el 904 kB/s | 29 kB 00:00
(17/22): perl-NTLM-1.09-17.module+el8.3.0+7692 1.2 MB/s | 24 kB 00:00
(18/22): perl-Net-HTTP-6.17-2.module+el8.3.0+7 1.2 MB/s | 43 kB 00:00
(19/22): perl-TimeDate-2.30-15.module+el8.3.0+ 1.4 MB/s | 53 kB 00:00
(20/22): perl-Try-Tiny-0.30-7.module+el8.3.0+7 1.0 MB/s | 45 kB 00:00
(21/22): perl-WWW-RobotRules-6.02-18.module+el 473 kB/s | 23 kB 00:00
(22/22): perl-libwww-perl-6.34-1.module+el8.3. 5.2 MB/s | 212 kB 00:00
-------------------------------------------------------------------------------
Total 2.7 MB/s | 1.3 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : perl-Compress-Raw-Zlib-2.081-1.el8.x86_64 1/22
Installing : perl-LWP-MediaTypes-6.02-15.module+el8.3.0+7692+5 2/22
Installing : perl-Encode-Locale-1.05-10.module+el8.3.0+7692+54 3/22
Installing : perl-WWW-RobotRules-6.02-18.module+el8.3.0+7692+5 4/22
Installing : perl-Try-Tiny-0.30-7.module+el8.3.0+7692+542c56f9 5/22
Installing : perl-TimeDate-1:2.30-15.module+el8.3.0+7692+542c5 6/22
Installing : perl-HTTP-Date-6.02-19.module+el8.3.0+7692+542c56 7/22
Installing : perl-File-Listing-6.04-17.module+el8.3.0+7692+542 8/22
Installing : perl-IO-HTML-1.001-11.module+el8.3.0+7692+542c56f 9/22
Installing : perl-HTML-Tagset-3.20-34.module+el8.3.0+7692+542c 10/22
Installing : perl-Digest-SHA-1:6.02-1.el8.x86_64 11/22
Installing : perl-Digest-HMAC-1.03-17.module+el8.3.0+7692+542c 12/22
Installing : perl-NTLM-1.09-17.module+el8.3.0+7692+542c56f9.no 13/22
Installing : perl-Data-Dump-1.23-7.module+el8.3.0+7692+542c56f 14/22
Installing : perl-Compress-Raw-Bzip2-2.081-1.el8.x86_64 15/22
Installing : perl-IO-Compress-2.081-1.el8.noarch 16/22
Installing : perl-HTTP-Message-6.18-1.module+el8.3.0+7692+542c 17/22
Installing : perl-HTML-Parser-3.72-15.module+el8.3.0+7692+542c 18/22
Installing : perl-HTTP-Cookies-6.04-2.module+el8.3.0+7692+542c 19/22
Installing : perl-HTTP-Negotiate-6.01-19.module+el8.3.0+7692+5 20/22
Installing : perl-Net-HTTP-6.17-2.module+el8.3.0+7692+542c56f9 21/22
Installing : perl-libwww-perl-6.34-1.module+el8.3.0+7692+542c5 22/22
Running scriptlet: perl-libwww-perl-6.34-1.module+el8.3.0+7692+542c5 22/22
Installed:
perl-Compress-Raw-Bzip2-2.081-1.el8.x86_64
perl-Compress-Raw-Zlib-2.081-1.el8.x86_64
perl-Data-Dump-1.23-7.module+el8.3.0+7692+542c56f9.noarch
perl-Digest-HMAC-1.03-17.module+el8.3.0+7692+542c56f9.noarch
perl-Digest-SHA-1:6.02-1.el8.x86_64
perl-Encode-Locale-1.05-10.module+el8.3.0+7692+542c56f9.noarch
perl-File-Listing-6.04-17.module+el8.3.0+7692+542c56f9.noarch
perl-HTML-Parser-3.72-15.module+el8.3.0+7692+542c56f9.x86_64
perl-HTML-Tagset-3.20-34.module+el8.3.0+7692+542c56f9.noarch
perl-HTTP-Cookies-6.04-2.module+el8.3.0+7692+542c56f9.noarch
perl-HTTP-Date-6.02-19.module+el8.3.0+7692+542c56f9.noarch
perl-HTTP-Message-6.18-1.module+el8.3.0+7692+542c56f9.noarch
perl-HTTP-Negotiate-6.01-19.module+el8.3.0+7692+542c56f9.noarch
perl-IO-Compress-2.081-1.el8.noarch
perl-IO-HTML-1.001-11.module+el8.3.0+7692+542c56f9.noarch
perl-LWP-MediaTypes-6.02-15.module+el8.3.0+7692+542c56f9.noarch
perl-NTLM-1.09-17.module+el8.3.0+7692+542c56f9.noarch
perl-Net-HTTP-6.17-2.module+el8.3.0+7692+542c56f9.noarch
perl-TimeDate-1:2.30-15.module+el8.3.0+7692+542c56f9.noarch
perl-Try-Tiny-0.30-7.module+el8.3.0+7692+542c56f9.noarch
perl-WWW-RobotRules-6.02-18.module+el8.3.0+7692+542c56f9.noarch
perl-libwww-perl-6.34-1.module+el8.3.0+7692+542c56f9.noarch
Complete!
Step 3: Change directory to /usr/src/ by using the below command
[root@localhost ~]# cd /usr/src/
Step 4: Download the CSF package by using the below command
[root@localhost src]# wget https://download.configserver.com/csf.tgz
--2021-12-07 06:21:15-- https://download.configserver.com/csf.tgz
Connecting to download.configserver.com (download.configserver.com)|94.130.90.175|:443... connected.
HTTP request sent, awaiting response... 200 OK
csf.tgz 100%[================================================================>] 2.18M 2.16MB/s in 1.0s
Step 5: Extract the package by using the below command
[root@localhost src]# tar xzf csf.tgz
Step 6: Enter the CSF directory by using the below command
[root@localhost src]# cd csf/
Step 7: Run the installation script by using the below command
[root@localhost csf]# sh install.sh
Selecting installer...
Running csf generic installer
Installing generic csf and lfd
Check we're running as root
mkdir: cannot create directory ‘/etc/csf’: File exists
'install.txt' -> '/etc/csf/install.txt'
Checking Perl modules...
Using configuration defaults
...Perl modules OK
Don't forget to:
1. Configure the following options in the csf configuration to suite your server: TCP_*, UDP_*
2. Restart csf and lfd
3. Set TESTING to 0 once you're happy with the firewall, lfd will not run until you do so
'lfd.service' -> '/usr/lib/systemd/system/lfd.service'
'csf.service' -> '/usr/lib/systemd/system/csf.service'
Unit /etc/systemd/system/firewalld.service is masked, ignoring.
'/etc/csf/csfwebmin.tgz' -> '/usr/local/csf/csfwebmin.tgz'
Installation Completed
Step 8: Check that all dependencies are installed by using the below command
[root@linuxhelp csf]# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server
Step 9: Stop the firewalld by using the below command
[root@localhost csf]# systemctl stop firewalld
Step 10: Disable the firewalld by using the below command
[root@linuxhelp csf]# systemctl disable firewalld
Unit /etc/systemd/system/firewalld.service is masked, ignoring.
Step 11: Edit the CSF configuration file and change TESTING=1 to TESTING=0 by using the below command
[root@linuxhelp csf]# vim /etc/csf/csf.conf
###############################################################################
# SECTION:Initial Settings
###############################################################################
# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. incase you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
#
# lfd will not start while this is enabled
TESTING = "0"
# The interval for the crontab in minutes. Since this uses the system clock the
# CRON job will run at the interval past the hour and not from when you issue
# the start command. Therefore an interval of 5 minutes means the firewall
# will be cleared in 0-5 minutes from the firewall start
TESTING_INTERVAL = "5"
# SECURITY WARNING
# ================
#
# Unfortunately, syslog and rsyslog allow end-users to log messages to some
# system logs via the same unix socket that other local services use. This
# means that any log line shown in these system logs that syslog or rsyslog
# maintain can be spoofed (they are exactly the same as real log lines).
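An added example (not part of the original tutorial or of CSF itself): a pre-flight check that makes the Step 11 edit only when the SSH port is present in TCP_IN, so leaving testing mode cannot lock you out of the server. The function names, the .bak backup path and the sample file are assumptions, and the sample csf.conf fragment is constructed.

```shell
#!/bin/sh
# Added example: guard the TESTING=1 -> TESTING=0 switch in csf.conf.

# Print the value of a KEY = "value" setting from a csf.conf-style file.
csf_get() {   # usage: csf_get KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if PORT is covered by a comma-separated list that may hold lo:hi ranges.
port_in_list() {   # usage: port_in_list PORT "20,21,22,30000:35000"
    local port="$1" item lo hi
    local IFS=,
    for item in $2; do
        case $item in
            *:*) lo=${item%%:*}; hi=${item##*:}
                 [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] && return 0 ;;
            *)   [ "$item" = "$port" ] && return 0 ;;
        esac
    done
    return 1
}

# Set TESTING = "0" only if SSH_PORT is allowed in TCP_IN; keeps FILE.bak.
# TESTING_INTERVAL is untouched because the pattern requires "TESTING ... =".
csf_go_live() {   # usage: csf_go_live FILE SSH_PORT
    local conf="$1" ssh_port="$2" tcp_in
    tcp_in=$(csf_get TCP_IN "$conf")
    if ! port_in_list "$ssh_port" "$tcp_in"; then
        echo "refusing: port $ssh_port is not in TCP_IN ($tcp_in)" >&2
        return 1
    fi
    # Write back into the existing file so its owner and mode are preserved.
    cp -p "$conf" "$conf.bak" &&
    sed 's/^\([[:space:]]*TESTING[[:space:]]*=[[:space:]]*\)"[^"]*"/\1"0"/' \
        "$conf.bak" > "$conf"
}

# Demo on a constructed fragment, not the real /etc/csf/csf.conf.
demo_conf=$(mktemp)
printf '%s\n' 'TESTING = "1"' 'TESTING_INTERVAL = "5"' \
    'TCP_IN = "20,21,22,25,53,80,443,30000:35000"' > "$demo_conf"
csf_go_live "$demo_conf" 22 && echo "TESTING is now $(csf_get TESTING "$demo_conf")"
```

On a real host, pass /etc/csf/csf.conf and the port sshd actually listens on, then continue with the restart in Step 12.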
Step 12: Restart the LFD and CSF services by using the below command
[root@localhost csf]# systemctl restart lfd csf
Step 13: Enable the services by using the below command
[root@localhost csf]# systemctl enable csf lfd
Step 14: Check the services status by using the below command
[root@localhost csf]# systemctl is-active csf lfd
active
active
Step 15: Check the CSF version by using the below command
[root@linuxhelp csf]# csf -v
csf: v14.18 (generic)
Step 16: List the CSF rules by using the below command
[root@linuxhelp csf]# csf -l
iptables filter table
=====================
Chain INPUT (policy DROP 14 packets, 2103 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- !lo * 8.8.8.8 0.0.0.0/0 tcp dpt:53
2 0 0 ACCEPT udp -- !lo * 8.8.8.8 0.0.0.0/0 udp dpt:53
3 0 0 ACCEPT tcp -- !lo * 8.8.8.8 0.0.0.0/0 tcp spt:53
4 4 451 ACCEPT udp -- !lo * 8.8.8.8 0.0.0.0/0 udp spt:53
5 872 4082K LOCALINPUT all -- !lo * 0.0.0.0/0 0.0.0.0/0
6 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
7 870 4081K INVALID tcp -- !lo * 0.0.0.0/0 0.0.0.0/0
8 0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5
9 0 0 LOGDROPIN icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmptype 8
10 0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0
11 869 4081K ACCEPT all -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
12 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:20
13 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:21
14 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22
15 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:25
16 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:53
17 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:853
18 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:80
19 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:110
20 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:143
21 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:443
22 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:465
23 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:587
24 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:993
25 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:995
26 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:20
27 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:21
28 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:53
29 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:853
30 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:80
31 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:443
32 2 470 LOGDROPIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy DROP 4 packets, 246 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 8.8.8.8 tcp dpt:53
2 4 262 ACCEPT udp -- * !lo 0.0.0.0/0 8.8.8.8 udp dpt:53
3 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 8.8.8.8 tcp spt:53
4 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 8.8.8.8 udp spt:53
5 736 41071 LOCALOUTPUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
6 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
7 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 udp dpt:53
8 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 tcp spt:53
9 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 udp spt:53
10 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
11 737 41262 INVALID tcp -- * !lo 0.0.0.0/0 0.0.0.0/0
12 0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0
13 727 39614 ACCEPT all -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
14 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:20
15 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:21
16 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22
17 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:25
18 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:53
19 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:853
20 2 120 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:80
21 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:110
22 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:113
23 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:443
24 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:587
25 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:993
26 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:995
27 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:20
28 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:21
29 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:53
30 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:853
31 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:113
32 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:123
33 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPIN (2 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23
2 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:23
3 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
4 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
5 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:68
6 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
7 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
8 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
9 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
10 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:113
11 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:135:139
12 2 470 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
13 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
14 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
15 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:500
16 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
17 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:513
18 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:513
19 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:520
20 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
21 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
22 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
23 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
24 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPOUT (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
2 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
3 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
4 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain DENYIN (1 references)
num pkts bytes target prot opt in out source destination
Chain DENYOUT (1 references)
num pkts bytes target prot opt in out source destination
Chain ALLOWIN (1 references)
num pkts bytes target prot opt in out source destination
Chain ALLOWOUT (1 references)
num pkts bytes target prot opt in out source destination
Chain LOCALINPUT (1 references)
num pkts bytes target prot opt in out source destination
1 872 4082K ALLOWIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
2 872 4082K DENYIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
Chain LOCALOUTPUT (1 references)
# Warning: iptables-legacy tables present, use iptables-legacy to see them
num pkts bytes target prot opt in out source destination
1 736 41071 ALLOWOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
2 736 41071 DENYOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
Chain INVDROP (10 references)
num pkts bytes target prot opt in out source destination
1 9 1588 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INVALID (2 references)
num pkts bytes target prot opt in out source destination
1 3 442 INVDROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
2 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
3 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
4 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
5 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
6 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
7 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
8 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
9 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
10 6 1146 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 ctstate NEW
iptables mangle table
=====================
Chain PREROUTING (policy ACCEPT 890 packets, 4084K bytes)
num pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 890 packets, 4084K bytes)
num pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 745 packets, 41770 bytes)
num pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 737 packets, 40242 bytes)
num pkts bytes target prot opt in out source destination
iptables raw table
==================
Chain PREROUTING (policy ACCEPT 890 packets, 4084K bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 745 packets, 41770 bytes)
num pkts bytes target prot opt in out source destination
iptables nat table
==================
Chain PREROUTING (policy ACCEPT 2 packets, 470 bytes)
num pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 4 packets, 251 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 10 packets, 1397 bytes)
num pkts bytes target prot opt in out source destination
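An added example (not from the original tutorial or from CSF): the listing above shows the default configuration accepting new inbound connections on FTP, SMTP, POP3 and IMAP ports as well as SSH and HTTP(S), which is what the installer's reminder to configure TCP_* and UDP_* refers to. This script reads `csf -l` output and reports every inbound port that is open but not on a list of services the host is meant to offer. The function names and the allow list are assumptions; the sample lines are an abridged copy of the listing above.

```shell
#!/bin/sh
# Added example: compare the inbound ports CSF opens with the ports you intend to expose.

# Print "proto/port" for each ACCEPT rule in the filter table's INPUT chain
# that admits NEW connections. Reads `csf -l` output on stdin.
open_inbound_ports() {
    awk '
        BEGIN                { table = "filter" }
        /^iptables .* table/ { table = $2; next }
        /^Chain /            { chain = $2; next }
        table == "filter" && chain == "INPUT" && $4 == "ACCEPT" && /ctstate NEW/ {
            for (i = 6; i <= NF; i++)
                if ($i ~ /^dpts?:/) { sub(/^dpts?:/, "", $i); print $5 "/" $i }
        }'
}

# Print the open ports that are missing from the space-separated allow list in $1.
unexpected_ports() {   # usage: csf -l | unexpected_ports "tcp/22 tcp/80 tcp/443"
    open_inbound_ports | while read -r p; do
        case " $1 " in
            *" $p "*) ;;            # expected service, stay quiet
            *) echo "$p" ;;         # open in the firewall but not expected
        esac
    done
}

# Abridged sample of the `csf -l` output shown above (whitespace collapsed).
sample_listing() {
cat <<'EOF'
iptables filter table
=====================
Chain INPUT (policy DROP 14 packets, 2103 bytes)
num pkts bytes target prot opt in out source destination
11 869 4081K ACCEPT all -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
13 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:21
14 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22
15 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:25
21 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:443
31 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:443
32 2 470 LOGDROPIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 4 packets, 246 bytes)
num pkts bytes target prot opt in out source destination
16 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22
iptables nat table
==================
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
EOF
}

# Demo: a web server that should only expose SSH, HTTP and HTTPS over TCP.
sample_listing | unexpected_ports "tcp/22 tcp/80 tcp/443"
```

Each port it prints is a candidate for removal from TCP_IN or UDP_IN in /etc/csf/csf.conf, followed by a restart of csf and lfd.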
Conclusion:
This concludes the installation and configuration of CSF on Oracle Linux 8.8.