How to deny and redirect SSH port on CSF in Linux Debian 11.3
Introduction:
CSF (ConfigServer Security & Firewall) configures the server's firewall to lock down public access to services and allow only certain connections, such as FTP, email, or web traffic. It is a free, advanced firewall for most Linux distributions and Linux-based VPS.
Installation Procedure:
Step 1 : Check the installed Debian version by using the command below
root@LinuxHelp:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye
Step 2 : Install SSH by using the command below
root@LinuxHelp:~# apt install ssh -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
ssh
0 upgraded, 1 newly installed, 0 to remove and 6 not upgraded.
Need to get 252 kB of archives.
After this operation, 268 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bullseye/main amd64 ssh all 1:8.4p1-5+deb11u1 [252 kB]
Fetched 252 kB in 1s (348 kB/s)
Selecting previously unselected package ssh.
(Reading database ... 148736 files and directories currently installed.)
Preparing to unpack .../ssh_1%3a8.4p1-5+deb11u1_all.deb ...
Unpacking ssh (1:8.4p1-5+deb11u1) ...
Setting up ssh (1:8.4p1-5+deb11u1) ...
Step 3 : Set the SSH port in the SSH daemon configuration file by using the command below
root@LinuxHelp:~# nano /etc/ssh/sshd_config
Include /etc/ssh/sshd_config.d/*.conf
Port 2230
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
Step 4 : Once the configuration is finished, restart the SSH service by using the command below
root@LinuxHelp:~# systemctl restart ssh
Next, check the CSF version by using the command below
root@LinuxHelp:~# sudo csf -v
csf: v14.16 (generic)
*WARNING* TESTING mode is enabled - do not forget to disable it in the configuration
Step 5 : Now add the SSH port redirection rules to the CSF redirect file by using the command below
root@LinuxHelp:~# nano /etc/csf/csf.redirect
# See readme.txt for more information
192.168.2.128|2230|*|2240|tcp
192.168.6.134|2240|*|2230|tcp
Step 6 : Now add the SSH port to the CSF configuration file by using the command below
root@LinuxHelp:~# nano /etc/csf/csf.conf
# This option should be set to "1" in all other circumstances
LF_SPI = "1"
# Allow incoming TCP ports
TCP_IN = "2230,20,21,22,25,53,80,110,143,443,465,587,993,995"
# Allow outgoing TCP ports
TCP_OUT = "2230,20,21,22,25,53,80,110,113,443,587,993,995"
# Allow incoming UDP ports
Step 7 : Once the configuration is completed, restart the CSF service by using the command below
root@LinuxHelp:~# csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
.
.
.
*WARNING* Binary location for [SENDMAIL] [/usr/sbin/sendmail] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality
*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.
Step 8 : Once the service has restarted, open an SSH client and connect to the Debian machine over SSH using the redirect port; CSF allows the connection on that port.
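The following consistency check is an added example, not part of the original guide or of CSF. It reads the three files edited in Steps 3, 5 and 6 and reports, for each same-host redirect (IP|portA|*|portB|proto), whether portB is a port sshd listens on and whether portB is listed in TCP_IN. The function names are hypothetical and the sample file contents are constructed from the values shown above.

```shell
#!/bin/sh
# Added example: cross-check the files edited in Steps 3, 5 and 6.
# Sample file contents in demo() are constructed from this guide's values.

# Ports sshd listens on: uncommented "Port N" lines (Include'd files not read).
sshd_ports() { awk 'tolower($1) == "port" { print $2 }' "$1"; }

# Value of TCP_IN from csf.conf, e.g. 2230,20,21,22
csf_tcp_in() { sed -n 's/^TCP_IN *= *"\([^"]*\)".*/\1/p' "$1"; }

# Succeeds if port $1 is in list $2 (comma or newline separated, lo:hi ranges).
in_list() {
    for p in $(printf '%s' "$2" | tr ',\n' '  '); do
        case "$p" in
            *:*) [ "$1" -ge "${p%%:*}" ] && [ "$1" -le "${p##*:}" ] && return 0 ;;
            *)   [ "$p" = "$1" ] && return 0 ;;
        esac
    done
    return 1
}

# For every same-host redirect (IP|portA|*|portB|proto) print whether portB
# has an sshd listener and whether portB is listed in TCP_IN.
check_redirects() {   # args: sshd_config csf.redirect csf.conf
    ports=$(sshd_ports "$1"); [ -n "$ports" ] || ports=22   # sshd default port
    tcp_in=$(csf_tcp_in "$3")
    grep -Ev '^[[:space:]]*(#|$)' "$2" |
    while IFS='|' read -r ip from dest to proto; do
        [ "$dest" = "*" ] || continue   # skip redirects to another host
        l=no; in_list "$to" "$ports" && l=yes
        a=no; in_list "$to" "$tcp_in" && a=yes
        echo "$ip $from->$to/$proto listener=$l tcp_in=$a"
    done
}

demo() {
    d=$(mktemp -d)
    printf 'Include /etc/ssh/sshd_config.d/*.conf\nPort 2230\n#ListenAddress ::\n' > "$d/sshd_config"
    printf '# See readme.txt for more information\n192.168.2.128|2230|*|2240|tcp\n192.168.6.134|2240|*|2230|tcp\n' > "$d/csf.redirect"
    printf 'LF_SPI = "1"\nTCP_IN = "2230,20,21,22,25,53,80,110,143,443,465,587,993,995"\n' > "$d/csf.conf"
    check_redirects "$d/sshd_config" "$d/csf.redirect" "$d/csf.conf"
    rm -rf "$d"
}
demo
```

On a live host, pass /etc/ssh/sshd_config, /etc/csf/csf.redirect and /etc/csf/csf.conf to check_redirects before running csf -r. If drop-in files under /etc/ssh/sshd_config.d set the port, sshd -T prints the effective settings.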
Conclusion:
We have reached the end of this article. In this guide, we have walked you through the steps required to deny and redirect the SSH port in CSF on Debian 11.3. Your feedback is most welcome.