Installing and Configuring CSF (ConfigServer Security & Firewall)
CSF is an advanced firewall configuration script created to enhance server security. It's designed for Linux servers and integrates well with cPanel/WHM and DirectAdmin, but can be used standalone too.
1. System Requirements
- Perl must be installed (default on most Linux distributions)
- Root access to the server
2. Install CSF
cd /usr/src
sudo wget https://download.configserver.com/csf.tgz
sudo tar -xzf csf.tgz
cd csf
sudo sh install.sh3. Test if Required IPTables Modules Are Present
sudo perl /usr/local/csf/bin/csftest.plEnsure the output shows no fatal errors.
4. Disable Testing Mode
After installation, CSF is in testing mode by default. To disable this:
sudo nano /etc/csf/csf.confFind the line:
TESTING = "1"Change it to:
TESTING = "0"Then save and restart CSF:
sudo csf -r5. Configure Firewall Rules
Open the config file:
sudo nano /etc/csf/csf.confCommon ports to allow:
- 22 (SSH)
- 80, 443 (HTTP/HTTPS)
- 25, 587, 465 (SMTP)
Update the values in:
TCP_IN = "22,80,443,25,587,465"TCP_OUT = "22,80,443"
6. Enable CSF at Boot
sudo systemctl enable csf
sudo systemctl enable lfd7. CSF Basic Commands
csf -r # Restart CSF
csf -l # List current firewall rules
csf -d IP # Deny an IP
csf -a IP # Allow an IP
csf -dr IP # Remove IP from deny list
csf -ar IP # Remove IP from allow listSummary
CSF is a powerful firewall tool that adds more control and visibility over incoming/outgoing connections. It’s especially useful in shared hosting environments and VPS setups.
