Using ConfigServer Security & Firewall (CSF) with Virtualizor on CentOS 7


Virtualizor is an excellent control panel for managing multiple virtual servers on one or more servers. It’s released by the same people that make the popular Softaculous auto-installer software. There is a built-in firewall system, but it’s probably the weakest aspect of the whole system. I’m a big fan of CSF – provided free by Way to the Web Ltd. Its configuration is straightforward yet feature-packed, and it is constantly updated.

Virtualizor & CSF – the perfect couple

Thankfully, it’s very easy to replace the built-in firewall with CSF so that you can have the best of both worlds.

Firstly, we need to install a few CentOS packages that CSF needs.

[user@server] sudo yum install unzip perl-libwww-perl bind-utils wget nano

Install CSF

Once that has completed, we can install CSF using the commands below:

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Now we need to configure the firewall to our needs. This is done by editing the configuration files; I’d advise using nano.

Firstly, edit the csf.allow file:

[user@server] sudo nano /etc/csf/csf.allow

If you’re using a static IP, or a VPN with a static IP, add it here to ensure you maintain access. Then press Ctrl + O to save and Ctrl + X to exit.

Next, you need to edit the main configuration file:

[user@server] sudo nano /etc/csf/csf.conf

There are a few options you’ll need to change for this specific use, but you may wish to look at others at a later time.

TESTING = "1" should be altered to TESTING = "0" – this makes the firewall active.
TCP_IN = "…." should be altered to only have the ports you need open, e.g. TCP_IN = "4083,4085" – these are the two SSL ports. If you’re planning to use the Let’s Encrypt certificate feature, you’ll also need to open port 80 for that. If you don’t have a static IP, you may also wish to leave SSH (port 22) open so that you can still get in. As per the example in the configuration, just list the ports separated by commas.

Again, Ctrl + O to save and Ctrl + X to exit.

Finally, we need to add an additional config file to allow CSF to work with Virtualizor.

[user@server] sudo nano /etc/csf/csfpost.sh

And add the following line:

/sbin/iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

If you’re using IPv6 you’ll also need to add:

/sbin/ip6tables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

Again, Ctrl + O to save and Ctrl + X to exit.

Reload CSF

[user@server] sudo csf -r

And you’re good to go.
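
A pre-flight check for the csf.conf and csf.allow edits above, best run before csf -r so that a typo does not lock you out. This is an added example, not part of the original post or of CSF itself: the function names and sample files are constructed, 203.0.113.10 stands in for your own static IP, SSH is assumed to be on port 22 as in the post, and only plain comma-separated port lists are handled.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check to run before `csf -r`.

# conf_value FILE KEY: print VALUE from a line of the form KEY = "VALUE"
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# port_listed LIST PORT: succeed if PORT is in the comma-separated LIST
port_listed() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# ip_allowed FILE IP: succeed if IP is the first field of a non-comment line
ip_allowed() {
    awk -v ip="$2" '{ sub(/#.*/, "") } $1 == ip { found = 1 } END { exit !found }' "$1"
}

# preflight CONF ALLOW ADMIN_IP: print each problem, return how many were found
preflight() {
    problems=0
    tcp_in=$(conf_value "$1" TCP_IN)
    if [ "$(conf_value "$1" TESTING)" != "0" ]; then
        echo "TESTING is not \"0\": the firewall is not active yet"
        problems=$((problems + 1))
    fi
    for port in 4083 4085; do
        if ! port_listed "$tcp_in" "$port"; then
            echo "TCP_IN is missing Virtualizor SSL port $port"
            problems=$((problems + 1))
        fi
    done
    # Lockout guard: the admin IP must be in csf.allow, or SSH (22) must be in TCP_IN
    if ! ip_allowed "$2" "$3" && ! port_listed "$tcp_in" 22; then
        echo "$3 is not in csf.allow and port 22 is closed: SSH access would be lost"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files; 203.0.113.10 is a documentation address, not a real admin IP
demo_dir=$(mktemp -d)
printf '%s\n' 'TESTING = "1"' 'TCP_IN = "4083,80"' > "$demo_dir/csf.conf"
printf '%s\n' '# constructed allow list' '198.51.100.7 # office' > "$demo_dir/csf.allow"
preflight "$demo_dir/csf.conf" "$demo_dir/csf.allow" 203.0.113.10 || echo "problems: $?"
```

On a real server, call preflight /etc/csf/csf.conf /etc/csf/csf.allow followed by your own IP, and only reload CSF once it reports no problems.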
