ConfigServer Firewall CSF installation

ConfigServer firewall is a popular linux firewall security suite. It is easy to install, flexible to configure and secure with extra checks. CSF helps to control exactly what traffic is allowed in and out of the server and protect the server from malicious attack.
The CSF installation includes control panel user interface available via WHM and login failure daemon process (lfd) that runs periodically to scan the latest log file entries for login attempts  that continually fail within a short period of time. Such attempts are often called “Brute-force attacks” and the daemon process responds very quickly to such patterns and blocks offending IPs quickly.

Download into your SSH and install

ConfigServer Firewall CSF installation


  • wget
  •  tar xfz csf.tgz
  •  cd csf
  •  sh


By default, CSF gets started as “Testing” mode, which means that firewall rules are not fully in effect. To disable this “Testing” mode

vi /etc/csf/csf.conf



save and exit.

restart CSF firewall

csf -r

Goto WHM->Plugins->ConfigServer Firewall

Once your login WHM check CSF configuration.

Customize firewall rules, modify a CSF configuration via command line.

vi /etc/csf/csf.conf

# Change to 0 to disable TESTING mode
. . .
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443"
# Allow incoming UDP ports
UDP_IN = "20,21,53"
# Allow outgoing UDP ports
UDP_OUT = "20,21,53,113,123"
. . .

After modifying /etc/csf/csf.conf, make sure to restart CSF.

If you want to uninstall CSF at any point, simply run the following.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

cPHulk Brute Force Protection

WHM/cPanel has a service, protected from Brute Force attack, which is called “cPHulk Brute Force...

Enable SSH key authorized login without root password

You need to generate SSH Key ( the private key )on your cpanel server and then update remote...

How can I Redirect URLs in cPanel

Login your cpanel 1. Click the Redirects button on the front page under the “domains” 2. Enter...

Enable Custom php.ini for Fast CGI

With fast-cgi, custom php.ini needs to be in the cgi-bin folder. 1) Move php.ini to cgi-bin...

Disable SSH Direct Root Login

First you need to add new admin user 1,adduser admin 2,passwd admin Please keep admin password...

Powered by WHMCompleteSolution