ConfigServer Security & Firewall (CSF) is a user-friendly way of managing a powerful and proactive firewall with additional at-a-glance server security diagnostics, a heap of automated tools, extensive configuration options, and an alert system. Plus it's free and can be run from a terminal or set up as a module for Webmin, DirectAdmin, or cPanel.
The features list would run into a couple of valuable pages, so have a link instead:
The only caveat to installation is that if you are running the APF firewall, then disable that first or things get messy. Disabling APF while evaluating CSF is simple enough:
sh /path/to/apf/disable_apf_bfd.sh
For those with iptables, don't change anything. CSF's installation is intuitive, so important ports don't get blocked during the changeover. Follow this guide and you'll be fine.
Installation is a breeze. Assuming root, we need a dependency package, move to a download location...