What is CSF (ConfigServer Security & Firewall) and why use it on AWS?

CSF (ConfigServer Security & Firewall) is a stateful firewall configuration and security tool for Linux servers. On AWS EC2 instances, CSF provides an additional layer of IP-based firewall control, brute force login detection, process tracking, and port management — complementing AWS Security Groups.

How do you install and configure CSF on an AWS EC2 instance?

To install CSF on AWS EC2: download and install via 'wget https://download.configserver.com/csf.tgz && tar -xzf csf.tgz && sh csf/install.sh', then edit /etc/csf/csf.conf to configure your firewall rules, whitelist your admin IP, enable testing mode (TESTING = '1'), test with 'csf -t', then disable testing mode.

Does CSF work alongside AWS Security Groups?

Yes, CSF and AWS Security Groups work together. Security Groups operate at the AWS network layer before traffic reaches the instance, while CSF operates at the OS level (iptables). Use Security Groups as the primary control, and CSF for additional OS-level firewall rules, connection rate limiting, and brute force detection.

What ports should I allow in CSF for a typical web server?

For a typical web server, allow in CSF: TCP ports 80 (HTTP), 443 (HTTPS), 22 (SSH — restrict to your IP), 25/465/587 (email if needed), and any application-specific ports. Outbound, allow all TCP ports or restrict to common ports (80, 443, 53 for DNS, 123 for NTP, 3306 for MySQL).

How to Configure CSF Firewall on Your AWS EC2 Instance

March 5, 2021 / Nirav Shah

Config Server Firewall (popularly known as CSF) is a free and open-source firewall application suite for most Linux distributions and Linux based Virtual Private Servers (VPS). It provides the basic functionality of a firewall – filtering packets while also providing additional security to your server.

To verify the required firewall modules command:

perl /usr/local/csf/bin/csftest.pl

Everything should be fine and you should get the following output:

Configure CSF on your AWS instance

nano /etc/csf/csf.conf

Certain ports are opened by default, and these ports are given below:

Configure CSF on your AWS instance

The services using the open ports

Port 110: Post office protocol v3 (POP3)
Port 113: Authentication service/identification protocol
Port 123: Network time protocol (NTP)
Port 143: Internet message access protocol (IMAP)
Port 443: Hypertext transfer protocol over SSL/TLS (HTTPS)
Port 465: URL Rendezvous Directory for SSM (Cisco)
Port 587: E-mail message submission (SMTP)
Port 993: Internet message access protocol over SSL (IMAPS)
Port 995: Post office protocol 3 over TLS/SSL (POP3S)
The ports most needed at any time on any server are:
TCP_IN: 22,53
TCP_OUT: 22,53,80,113,443
UPD_IN: 53
UPD_OUT: 53,113,123

After changing the settings in csf.conf, you should save the files and restart CSF for the changes to take effect with this command:

csf -r

How to Block and Allow IP Addresses Using CSF on AWS

Blocking IP addresses

If you would like to block an IP address or range, open csf.deny with the command below:

nano /etc/csf/csf.deny

Below is the default csf.deny file as it contains no entries.

Configure CSF on your AWS instance

To block a specific IP address, add it to the file:

– 196.xx.xx.xx To block a range of IP addresses, add the IP followed by the CIDR Value

– 196.xx.xx.xx/29.

Allowing IP addresses

nano /etc/csf/csf.allow

Below is the default csf.allow file as it contains no entries.

Configure CSF on your AWS instance

You can also allow a specific IP and a range of IP addresses without opening the csf.deny file but by running the commands below:

csf -a 196.x.x.x
csf -ar 196.x.x.x

Note: Allowed IP addresses are allowed even if they are explicitly blocked in a csf.deny file.

Spread Love By Sharing:

Nirav Shah

Nirav Shah is the Director of Eternal Web Pvt Ltd, an AWS Advanced Consulting Partner and certified Odoo Partner based in the UK. With over a decade of experience in cloud computing, digital transformation, and ERP implementation, Nirav helps enterprises adopt the right technology to solve complex business challenges. He specialises in AWS infrastructure, Odoo ERP, and web development solutions for businesses across the UK and beyond.