How to Deny and Redirect SSH Port in CSF on Oracle Linux 8.5

Introduction:

CSF (ConfigServer Security & Firewall) configures the firewall on the server to lock down public access to services and allow only certain connections, such as FTP, email, or website access. It is a free and advanced firewall for most Linux distributions and Linux-based VPS.

Note: Install CSF before starting this configuration.

Installation Procedure:

Step 1: Check the OS version by using the below command

[root@linuxhelp linuxhelp]# cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="8.5"
ID="ol"

Step 2: Install the SSH package by using the below command

[root@linuxhelp ]# yum install openssh-server openssh-clients
Last metadata expiration check: 0:26:20 ago on Sat 11 Jun 2022 12:16:50 AM IST.
Package openssh-server-8.0p1-10.el8.x86_64 is already installed.
Package openssh-clients-8.0p1-10.el8.x86_64 is already installed.
Transaction Summary
====================================================================================
  openssh-8.0p1-13.el8.x86_64                     openssh-askpass-8.0p1-13.el8.x86_64            

  openssh-clients-8.0p1-13.el8.x86_64             openssh-server-8.0p1-13.el8.x86_64             
   Complete!

Step 3: Configure the SSH port number in the sshd_config file by using the below command

[root@linuxhelp ]# vim /etc/ssh/sshd_config
Include /etc/ssh/sshd_config.d/*.conf
Port 255
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

Step 4: Restart the SSH service by using the below command

[root@linuxhelp]# systemctl restart sshd

Step 5: Redirect the SSH port by using the below command

root@linuxhelp:~# vim /etc/csf/csf.redirect 
# See readme.txt for more information
192.168.6.134|255|*|244|tcp
192.168.6.134|244|*|255|tcp

Step 6: Now add the SSH port to the csf.conf file by using the below command

[root@linuxhelp]# vim /etc/csf/csf.conf 
# This option should be set to "1" in all other circumstances
LF_SPI = "1"
# Allow incoming TCP ports
TCP_IN = "255,20,21,22,25,53,80,110,143,443,465,587,993,995"
# Allow outgoing TCP ports
TCP_OUT = "255,20,21,22,25,53,80,110,113,443,587,993,995"
# Allow incoming UDP ports

Step 7: Reload CSF by using the below command.

[root@linuxhelp:]# csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `OUTPUT'

Step 8: Once CSF has reloaded, SSH logins on port 255 are denied and port 244 redirects to port 255.
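Added example (not part of the original article): a shell script that traces where a TCP connection to a given port ends up under the Step 5 redirect lines and the Step 6 TCP_IN list. It assumes standard netfilter ordering, where the nat redirect is applied once per connection before the filter rules see the packet; the function names are hypothetical and the sample values are copied from the steps above.

```shell
#!/bin/sh
# Sample data copied from Steps 3, 5 and 6 of this guide.
REDIRECTS='192.168.6.134|255|*|244|tcp
192.168.6.134|244|*|255|tcp'
TCP_IN='255,20,21,22,25,53,80,110,143,443,465,587,993,995'
SSHD_PORT=255

# final_port IP PORT: print the local port the connection is delivered to.
# Only the first matching rule applies, so 244 -> 255 is not redirected again.
final_port() {
    local ip="$1" port="$2" rip rport rdst rnew rproto
    while IFS='|' read -r rip rport rdst rnew rproto; do
        [ "$rproto" = tcp ] || continue
        [ "$rdst" = '*' ] || continue      # '*' = redirect to a local port
        if [ "$rip" = "$ip" ] && [ "$rport" = "$port" ]; then
            echo "$rnew"
            return 0
        fi
    done <<EOF
$REDIRECTS
EOF
    echo "$port"
}

# in_tcp_in PORT: succeed if PORT is listed in TCP_IN.
in_tcp_in() {
    case ",$TCP_IN," in *",$1,"*) return 0 ;; esac
    return 1
}

# verdict IP PORT: sshd | dropped | no-listener
verdict() {
    local dst
    dst=$(final_port "$1" "$2")
    if ! in_tcp_in "$dst"; then
        echo "dropped"        # rewritten port is not allowed inbound
    elif [ "$dst" = "$SSHD_PORT" ]; then
        echo "sshd"           # reaches the SSH daemon
    else
        echo "no-listener"    # allowed by CSF, but sshd is not on this port
    fi
}

for p in 244 255 22; do
    echo "port $p -> $(verdict 192.168.6.134 "$p")"
done
```

Port 22 is still listed in TCP_IN in Step 6 even though sshd no longer listens on it, which is why it reports `no-listener` rather than `dropped`.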

Conclusion:

We have reached the end of this article. In this guide, we have walked you through the steps required to deny and redirect the SSH port in CSF on Oracle Linux 8.5. Your feedback is most welcome.

FAQ
Q: Is CSF firewall free?
A: Config Server Firewall (or CSF) is a free and advanced firewall for most Linux distributions and Linux-based VPS.

Q: Where is CSF conf?
A: Log in to your Linux machine and open the csf.conf file, located at /etc/csf/csf.conf, in any text editor.

Q: Can you change the default port number in ssh?
A: Open the /etc/ssh/sshd_config file in your preferred text editor and change the port number.

Q: What port does SSH use?
A: By default, the SSH server runs on port 22.

Q: What is the use of SSH?
A: SSH or Secure Shell is a network communication protocol that enables two computers to communicate.