First Steps After Installation

Whitelist Your Own IP Address

Normally CSF will automatically whitelist the installation users IP address. Make sure to add any IP addresses or networks that should never be blocked by the login failure daemon. This will prevent you from actually getting blocked out of your server.

To Allow an IP address though the firewall:

  1. Navigate to Juggernaut Firewall -> Allow -> Allow Permanently.
  2. Click the Add button to add your IP address or CIDR.

To tell the login failure daemon to ignore a permanent IP address (never block):

  1. Navigate to Juggernaut Firewall -> Ignore -> Ignore Permanently.
  2. Click the Add button to add your IP address or CIDR. (the login failure daemon will show a warning as it can't start if the firewall is running in "testing mode".)

To tell the login failure daemon to ignore a dynamic IP address (never block):

  1. Sign up to a free dynamic DNS service (most home routers support this directly though the router). eg: http://www.noip.com/remote-access
  2. Navigate to Juggernaut Firewall -> Ignore -> Block Lists & DynDNS.
  3. Set Dynamic DNS update interval to an reasonable update interval like 900 (check every 15 minutes).
  4. Checkmark Dynamic DNS ignore IP addresses in LFD blocking
  5. Click the Update button.
  6. Navigate to Juggernaut Firewall -> Settings -> Ignore rDNS.
  7. Click the Add button.
  8. Type the fully qualified domain name of the dynamic IP that you want ignored by the login failure daemon.
  9. Check the Submit button to submit the form.
  10. Click the Restart button to restart the login failure daemon.

Disable Testing

After installation the firewall is running in "testing" mode. With testing enabled CSF will automatically clear iptables after a certain interval. The login failure daemon will not start when testing is enabled. After you are sure that the firewall is working and your IP address is whitelisted you should disable testing.

  1. Navigate to Juggernaut Firewall-> Settings -> Firewall -> Initial Settings.
  2. Uncheck Testing then submit the form.
  3. Click the Restart button to restart the firewall and login failure daemon.

Configure Login Failure Blocking

We recommend enabling the following login failure custom triggers: apache-scanners, apache-useragents, horde, plesk-panel, roundecube, wordpress

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Login Failure Blocking.
  2. Click the Login Failure Blocking Lists icon.
  3. Select a custom trigger that you want to enable. Click the Edit button.
  4. Check the Enabled checkbox then submit the form.
  5. Click the Restart button to restart the firewall and login failure daemon.

Configure Blocklists

We recommend enabling the following blocklists: BDE, DSHIELD, MAXMIND, SPAMDROP, TOR

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Block Lists & DynDNS.
  2. Click the Block Lists icon.
  3. Select a blocklist that you want to enable. Click the Edit button.
  4. Check the Enabled checkbox then submit the form.
  5. Click the Restart button to restart the firewall and login failure daemon.

Configure Tracking Settings

We recommend enabling at minimum the following tracking settings: Distributed Attack Tracking, Connection Tracking, Port Scan Tracking

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Tracking Settings.
  2. To enable Distributed Attack Tracking check the Distributed attack tracking checkbox then press Update.
  3. To enable Connection Tracking enter in 500 in the Connection tracking limit field then press Update.
  4. To enable Port Scan Tracking enter in a 60 in the Port scan tracking interval field then press Update.
  5. Click the Restart button to restart the firewall and login failure daemon.

Configure Country Settings

If you have a large number of domains on the server when we recommend that you tell the login failure daemon to "ignore" your home country and the countries of your clients so you don't accidently block your own clients.

To deny a country on the firewall:

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Country Settings.
  2. Add some countries to Deny countries to all ports
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.

To tell the login failure daemon to ignore a country (never block):

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Country Settings.
  2. Add some countries to LFD blocking ignore countries
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.

Enable the Messenger Service

• We recommend enabling at the messenger serivice so that your users will know that they are getting blocked by the firewall. You can tell them to contact you with their IP address or even enable the messenger reCAPTCHA option so that they can unblock themselves by entering in a CAPTCHA.
• When configuring a new Google reCAPTCHA API key set, you must ensure that the option for "Verify the origin of reCAPTCHA solutions" under advanced settings is unchecked so that the same reCAPTCHA can be used for all domains hosted on the server.

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Messenger Service.
  2. Check the Messenger service checkbox to enable the messenger service.
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.
  5. You can optionally customize the message displayed by editing the messenger templates under Juggernaut Firewall -> Settings -> Login Failure Daemon -> Messenger Service -> Messenter Templates.

Configure Reporting and Alerts

After you confident that you have everything configured it's advisable to configure your alert settings otherwise you will get overloaded with alert emails.

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Reporting & Alerts.
  2. At the very least you will probably want to disable Login failure blocking alerts.