ConfigServer Security & Firewall (CSF) is a stateful packet inspection (SPI) firewall built on top of iptables. It integrates directly into WHM and provides a Login Failure Daemon (LFD) that auto-blocks brute-force attackers. It's free, actively maintained, and installed on millions of cPanel servers worldwide.
Prerequisites
- cPanel/WHM server with root access
- Perl installed (perl -v to check)
Step 1 — Download and Install CSF
cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Step 2 — Verify iptables Compatibility
perl /usr/local/csf/bin/csftest.pl
All tests should show PASS. Any FATAL result must be resolved before enabling CSF.
Step 3 — Edit the Main Configuration
nano /etc/csf/csf.conf
Key Settings to Configure
- TESTING = "0" — change from 1 to 0 to activate the firewall (leave at 1 during setup)
- TCP_IN — list of allowed inbound TCP ports: "20,21,22,25,53,80,110,143,443,465,587,993,995,2082,2083,2086,2087,2095,2096"
- TCP_OUT — outbound TCP: "20,21,22,25,53,80,110,113,443,587,993,995"
- UDP_IN — "20,21,53"
- UDP_OUT — "20,21,53,113,123"
Step 4 — Configure Login Failure Daemon (LFD)
LFD monitors logs and auto-blocks IPs that repeatedly fail authentication. Key settings:
- LF_TRIGGER = "5" — block after 5 failures
- LF_TRIGGER_PERM = "10" — permanently block after 10 total failures
- LF_EMAIL_ALERT = "1" — email you when an IP is blocked
- LF_ALERT_TO = "admin@yourdomain.com"
Step 5 — Whitelist Your IP Address
Do this before enabling CSF — otherwise you risk locking yourself out:
echo "YOUR.IP.ADDRESS.HERE" >> /etc/csf/csf.allow
csf -r
Step 6 — Enable CSF
Once your IP is whitelisted, switch testing mode off and restart:
sed -i 's/TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf
csf -r && systemctl restart lfd
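A pre-flight check for the lockout risk that Step 5 warns about, written as an added example (it is not part of CSF or of the original guide). It confirms that your admin IP is in csf.allow and that your SSH port is in TCP_IN before you turn testing mode off. The function names and the script name preflight.sh are hypothetical, and the csf.allow check assumes plain one-IP-per-line entries.

```bash
#!/usr/bin/env bash
# Added example: lockout pre-flight to run before setting TESTING = "0".
# Function names are hypothetical; they are not part of CSF.

# Print the value of KEY = "value" from a csf.conf-style file.
csf_get() {  # usage: csf_get KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if PORT is in a comma-separated port list; start:end ranges are honoured.
port_listed() {  # usage: port_listed PORT LIST
    local port=$1 item IFS=,
    for item in $2; do
        case $item in
            *:*) [ "$port" -ge "${item%%:*}" ] && [ "$port" -le "${item##*:}" ] && return 0 ;;
            *)   [ "$item" = "$port" ] && return 0 ;;
        esac
    done
    return 1
}

# Succeed if IP is a plain entry in a csf.allow-style file. Text after '#' is
# ignored; CIDR blocks and advanced-rule lines are not evaluated (simplification).
ip_allowed() {  # usage: ip_allowed IP FILE
    awk -v ip="$1" '{ sub(/#.*/, ""); if ($1 == ip) found = 1 } END { exit !found }' "$2"
}

# Return 0 only if the admin IP is allowed and the SSH port is open inbound.
csf_preflight() {  # usage: csf_preflight ADMIN_IP SSH_PORT [CONF] [ALLOW]
    local ip=$1 port=$2 conf=${3:-/etc/csf/csf.conf} allow=${4:-/etc/csf/csf.allow} rc=0
    if ! ip_allowed "$ip" "$allow"; then
        echo "FAIL: $ip is not listed in $allow"; rc=1
    fi
    if ! port_listed "$port" "$(csf_get TCP_IN "$conf")"; then
        echo "FAIL: port $port is not in TCP_IN"; rc=1
    fi
    echo "INFO: TESTING is currently \"$(csf_get TESTING "$conf")\""
    return "$rc"
}

# Stand-alone use: ./preflight.sh ADMIN_IP SSH_PORT
if [ "$#" -ge 2 ]; then csf_preflight "$@"; fi
```

Run it from the SSH session you administer from, for example `./preflight.sh "${SSH_CLIENT%% *}" 22`, and only continue with the sed command when it exits 0.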
Useful CSF Commands
csf -d 192.168.1.1 # deny/block an IP
csf -a 192.168.1.1 # allow/whitelist an IP
csf -dr 192.168.1.1 # remove from deny list
csf -r # restart firewall rules
csf -l # list current iptables rules
csf -g 192.168.1.1 # search for an IP in all lists
Accessing CSF in WHM
After installation, CSF appears under WHM > Plugins > ConfigServer Security & Firewall. You can manage all settings, blocked IPs, and firewall rules from the WHM interface without touching the command line.
Conclusion
CSF is a must-have for any production cPanel server. Its LFD daemon alone blocks thousands of automated brute-force bots daily. Combine it with Imunify360 for a comprehensive security posture that covers both network-level and application-level threats.