CSF Firewall installation and configuration


ConfigServer Firewall (CSF) is an advanced firewall suite for Linux systems that enhances the security on your Server. It also has the Login Failure Daemon (LFD) process that regularly scans for failed login attempts on your Server and takes action against the offending IP Addresses.


This documentation assumes that you are connected to the Server using an SSH client as a root user.

To Install CSF on a ServerTop

  1. Change the present working directory to /usr/local/src using the command below. You may choose any other directory of your choice, where you want the installation script to be downloaded.

    cd /usr/local/src
  2. Run the below command to download the archive file to the present working directory:

    wget http://configserver.com/free/csf.tgz
  3. Extract the files using the command:

    tar xfz csf.tgz
  4. Go to the CSF directory using the command:

    cd csf
  5. To install CSF:

    • On a Server Without any Hosting Panel

      Run the general installation script ./install.generic.sh.

    • On a Server With cPanel or DirectAdmin

      • Run the installation script ./install.cpanel.sh to install CSF on a Server with cPanel.

      • Run the installation script ./install.directadmin.sh to install CSF on a Server with DirectAdmin.

    The CSF Firewall will be installed in the /etc/csf directory and the allowed inbound/outbound port configuration will be adjusted as per the current settings. You can make further adjustments through the configuration file /etc/csf/csf.conf.

  6. Restart the firewall for the changes to take effect using the command:

    /etc/init.d/csf restart
  7. You can disable the testing flag by changing the value for TESTING from 1 to 0 in the configuration file /etc/csf/csf.conf using an editor like vi.


    Ensure that all your custom firewall settings are working perfectly before you disable the testing mode.

    Disabling Testing Mode

  8. Restart the Firewall again.

To Manage CSFTop

CSF can be managed through the Command Line Interface. The command csf would present a list of commands and the information related to them.

CSF Commands

A few basic commands are:

  • Allowing an IP Address

    csf -a <ip_address>
  • Denying an IP Address

    csf -d <ip_address>

You can manage the CSF settings from your WHM Panel (Home >> Plugins).

Managing CSF through WHM

Once the installation is complete, you need to make sure that you have configured the firewall properly, before turning the testing mode off.

Ports and Settings to be enabledTop

TCP_IN 20, 21, 22, 25, 26, 53, 80, 110, 143, 443, 465, 993, 995, 2082, 2083, 2086, 2087, 2095, 2096 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 993, 995, 8443, 8880
TCP_OUT 21, 22, 25, 26, 27, 37, 43, 53, 80, 110, 113, 443, 465, 873, 2089 20, 21, 22, 25, 53, 37, 43, 80, 113, 443, 465, 873, 5224, 5443
UDP_IN 20, 21, 53, 953 20, 21, 37, 53, 873
UDP_OUT 20, 21, 53, 113, 123, 873, 953 20, 21, 53, 113, 123, 873, 6277
Configure SMTP



SMTP_PORTS = "25,26"

SMTPAUTH_LOG = "/var/log/exim_mainlog"



SMTP_PORTS = "25,587"

SMTPAUTH_LOG = "/usr/local/psa/var/log/maillog"

  • 2 Users Found This Useful
Was this answer helpful?

Related Articles

Optimizing Apache

The efficiency with which Apache runs with can be greatly improved with a few small tweaks in the...

Installing Cloudlinux and Configuring LVEManager and Cagefs

The process below explains how to install CloudLinux on your server Download the cldeploy...

Installing and Configuring Clamscan

Contents [Hide] 1. To Install ClamAV for Non-cPanel Servers 2. To Install ClamAV for...

Optimizing MySql

Contents [Hide] 1. Basic Optimization 2. Advanced Optimization   You may choose...

Accessing your Dedicated Server Linux [US] Order

You can access the Server Management Panel and control panels for other Add-ons that you might...