Hi all,
I use Csf in all my production and testing servers (mostly Debian and Debian like) and never got a single problem....but...I also use a lot of OpenWrt routers and I think it would be a lot better to install a Csf on them, to centralize firewalling and not having Dmz or similar on the routers avoiding each server manage the firewalling...
Installing on the OpenWrt, behind which there are the servers, could be an impressive improvement in easying the management and controlling traffics on the router instead (or in parallel) with the servers.
I can eventually try to port Csf on OpenWrt but I'm not well skilled on both architecture and may be it come out as a try and fix... :-(
(sorry for my english :-D )
OpenWrt module
Re: OpenWrt module
Well, I'm beginning to test on OpenWrt.
First of all we have to install some packages, at least for the csftest.pl.
Perl, Perl-baseipc, Iptables-legacy, iptables-mod-conntrack-extra, iptables-mod-extra, iptables-mod-filter, kmod-ipt-nat
Then we have to make a symlink
ln -s /usr/sbin/iptables /sbin/iptables
Now we have to make some change in the script, essentially cause "-m state --state" is deprecated with OpenWrt, so change "-m state --state" with "-m conntrack --ctstate".
Test the script as
perl csftest.pl
All the tests are passed. Now I'll try to install the firewall....
First of all we have to install some packages, at least for the csftest.pl.
Perl, Perl-baseipc, Iptables-legacy, iptables-mod-conntrack-extra, iptables-mod-extra, iptables-mod-filter, kmod-ipt-nat
Then we have to make a symlink
ln -s /usr/sbin/iptables /sbin/iptables
Now we have to make some change in the script, essentially cause "-m state --state" is deprecated with OpenWrt, so change "-m state --state" with "-m conntrack --ctstate".
Test the script as
perl csftest.pl
All the tests are passed. Now I'll try to install the firewall....