Install and Configure CSF on a VPS (Part-I Enable Firewall Modules)
First of all, Happy New Year to all readers, as this is the very first post of the year.
Enabling IPTables Modules
Today I am going to explain how to install and configure CSF on a VPS. A VPS is a virtual server that shares resources, including kernel modules, with the host server, so before installing any firewall on a Linux VPS, make sure the required modules are enabled on the host server. The following modules are required on the host server:
ipt_MASQUERADE ipt_helper ipt_SAME ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS tun iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_helper ipt_tos ipt_ttl ipt_REJECT
You can check which modules are loaded on the host server using the “lsmod” command. If you get the following for x_tables, then you have all the modules configured; otherwise you can enable them using the “modprobe” command.
x_tables 19204 21 iptable_nat,xt_limit,xt_multiport,ipt_tos,ipt_TOS,ipt_REJECT,ipt_TCPMSS,xt_tcpmss,ipt_ttl,ipt_LOG,xt_length,xt_conntrack,xt_state,xt_helper,ipt_REDIRECT,ipt_recent,ipt_owner,ip_tables,ip6t_REJECT,xt_tcpudp,ip6_tables
You can copy and paste the following commands to enable all the required IPTables modules
modprobe ipt_MASQUERADE
modprobe ipt_helper
modprobe ipt_SAME
modprobe ipt_REDIRECT
modprobe ipt_state
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe tun
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_limit
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_REJECT
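To verify the result of the lsmod check and the modprobe run above, the following added example (not part of the original post) reads lsmod output and prints every required module that is still absent, looking at all lines rather than only the x_tables entry. The function names missing_modules and sample_lsmod are hypothetical, the ip_tables and tun lines in the sample are constructed, and treating ipt_NAME as satisfied by xt_NAME is an assumption based on the sample output shown in this post.

```shell
#!/bin/sh
# Added example: list required netfilter modules that lsmod does not show.

# Required modules from this post (duplicates dropped).
REQUIRED="ipt_MASQUERADE ipt_helper ipt_SAME ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS tun iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter ipt_ttl ipt_REJECT"

# missing_modules REQUIRED_LIST < lsmod-output
# Prints, one per line, each required module found neither as a loaded
# module (column 1) nor in any "Used by" list (column 4).
# Assumption: ipt_NAME counts as present when xt_NAME is listed, since the
# sample output in this post shows xt_state, xt_limit, etc.
missing_modules() {
    awk -v req="$1" '
        $1 == "Module" && $2 == "Size" { next }   # skip the lsmod header
        {
            seen[$1] = 1
            n = split($4, users, ",")
            for (i = 1; i <= n; i++) seen[users[i]] = 1
        }
        END {
            n = split(req, want, " ")
            for (i = 1; i <= n; i++) {
                alt = want[i]
                sub(/^ipt_/, "xt_", alt)
                if (!(want[i] in seen) && !(alt in seen)) print want[i]
            }
        }'
}

# Constructed sample: the x_tables line from this post plus two made-up
# lines (ip_tables, tun) so the script runs without a real host.
sample_lsmod() {
    cat <<'EOF'
Module                  Size  Used by
x_tables 19204 21 iptable_nat,xt_limit,xt_multiport,ipt_tos,ipt_TOS,ipt_REJECT,ipt_TCPMSS,xt_tcpmss,ipt_ttl,ipt_LOG,xt_length,xt_conntrack,xt_state,xt_helper,ipt_REDIRECT,ipt_recent,ipt_owner,ip_tables,ip6t_REJECT,xt_tcpudp,ip6_tables
ip_tables 17029 3 iptable_filter,iptable_mangle,iptable_nat
tun 19157 0
EOF
}

# On a real hardware node: lsmod | missing_modules "$REQUIRED"
sample_lsmod | missing_modules "$REQUIRED"
```

An empty result means every module in the list is accounted for; any name printed is one to load with modprobe before enabling it for the VPS.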
Enable Firewall Modules for VPS
Once the IPTables modules are enabled on the host server, execute the following command from the shell of the hardware node (HW Node) to enable the modules for the VPS.
vzctl set VEID --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
Or you can open the VPS configuration file, i.e. /etc/vz/conf/VEID.conf, and paste the following as the last line of the file:
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"
Here, VEID is the VPS ID of the server.
In the next part, I will explain how to install and configure CSF on different control panels. You can check the next part here.