ConfigServer Security & Firewall (CSF) is one of the most widely used stateful packet inspection firewalls for Linux servers. It integrates natively with cPanel/WHM and provides a powerful web UI, brute-force detection via Login Failure Daemon (LFD), port-knocking, rate limiting, and much more. This guide covers the complete installation and initial configuration on both bare CentOS/RHEL servers and cPanel-managed servers.
Prerequisites
- CentOS 6/7/8, RHEL, CloudLinux, or Ubuntu server
- Root SSH access
- wget, perl, and iptables installed
- On cPanel servers: WHM access for the CSF plugin UI
Step 1: Download the CSF Package
Navigate to the /tmp directory and download the latest CSF tarball directly from the official ConfigServer source:
cd /tmp
wget https://download.configserver.com/csf.tgz
Step 2: Extract and Run the Installer
Extract the archive and run the installation script. The installer automatically detects whether cPanel is present and installs the WHM plugin accordingly:
tar -xzf csf.tgz
cd csf
sh install.sh
The installer will:
- Install CSF and LFD (Login Failure Daemon)
- Detect and configure cPanel/WHM integration if present
- Install the CSF WHM plugin under WHM → Plugins → ConfigServer Security & Firewall
- Place the main config file at /etc/csf/csf.conf
Step 3: Test the CSF Installation
Run the built-in test script to verify that all required kernel modules are available and working correctly:
perl /usr/local/csf/bin/csftest.pl
A successful installation produces the following output — all modules should show OK:
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server
If any module shows FAILED, that kernel module is not loaded. On OpenVZ or some VPS platforms, certain modules may be unavailable — contact your hosting provider to have them enabled at the hypervisor level.
Step 4: Configure CSF
Before enabling CSF in production mode, review and update the main configuration file:
nano /etc/csf/csf.conf
Key settings to review:
- TESTING = "1" — CSF starts in testing mode by default (auto-flushes rules every 5 minutes). Change to TESTING = "0" only after you have confirmed your SSH and management ports are open.
- TCP_IN / TCP_OUT — Comma-separated list of allowed inbound/outbound TCP ports. Ensure port 22 (SSH) and any custom SSH port are listed before disabling testing mode.
- LF_TRIGGER — Controls how many login failures are allowed before an IP is blocked. Default is 10; lower this to 5 for tighter security on public servers.
Step 5: Allow Your IP and Disable Testing Mode
Add your management IP to the whitelist so you cannot accidentally lock yourself out, then disable testing mode and restart:
# Add your IP to the permanent allow list
echo "YOUR.MANAGEMENT.IP.HERE" >> /etc/csf/csf.allow
# Disable testing mode in csf.conf
sed -i 's/TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf
# Restart CSF and LFD
csf -r
service lfd restart
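The checks from Steps 4 and 5 can be scripted before testing mode is switched off. The following is an added example, not part of the original guide or of CSF itself: it reads TCP_IN and TESTING from a csf.conf-style file and looks for the management IP as a plain entry in a csf.allow-style file. The function names, the sample SSH port 2222 and the documentation-range addresses are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check to run before setting TESTING = "0".
# File paths are arguments, so it can be pointed at copies of the real files.

# Print the quoted value of KEY from a csf.conf-style file (KEY = "value").
csf_get() {  # usage: csf_get KEY FILE
    sed -n "s/^$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Return 0 if PORT is covered by a comma-separated port list.
# csf.conf writes port ranges as low:high (e.g. 30000:35000).
port_listed() {  # usage: port_listed PORT LIST
    port=$1; old_ifs=$IFS; IFS=,
    for entry in $2; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then IFS=$old_ifs; return 0; fi ;;
            *)   if [ "$entry" = "$port" ]; then IFS=$old_ifs; return 0; fi ;;
        esac
    done
    IFS=$old_ifs; return 1
}

# Return 0 if IP is a plain entry in a csf.allow-style file
# (one address per line, optional "# comment" after it).
ip_allowed() {  # usage: ip_allowed IP FILE
    awk -v ip="$1" '{ sub(/[ \t]*#.*/, "") } $1 == ip { f = 1 } END { exit !f }' "$2"
}

# Report anything that would cut off management access once testing mode is off.
preflight() {  # usage: preflight CONF ALLOW SSH_PORT MGMT_IP
    rc=0
    port_listed "$3" "$(csf_get TCP_IN "$1")" || { echo "FAIL: port $3 is not in TCP_IN"; rc=1; }
    ip_allowed "$4" "$2" || { echo "FAIL: $4 is not listed in $2"; rc=1; }
    [ "$(csf_get TESTING "$1")" = "1" ] || echo "NOTE: TESTING is not \"1\""
    return $rc
}

# Constructed sample files (not taken from a real server).
demo=$(mktemp -d)
printf '%s\n' 'TESTING = "1"' 'TESTING_INTERVAL = "5"' \
    'TCP_IN = "20,21,25,80,443,2222,30000:35000"' > "$demo/csf.conf"
printf '%s\n' '# management hosts' '203.0.113.10 # office' > "$demo/csf.allow"

preflight "$demo/csf.conf" "$demo/csf.allow" 2222 203.0.113.10 && echo "OK to disable testing mode"
preflight "$demo/csf.conf" "$demo/csf.allow" 22 198.51.100.7 || echo "Do not disable testing mode yet"
```

On a live server the same call would take /etc/csf/csf.conf and /etc/csf/csf.allow with your own SSH port and management IP.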
Useful CSF Commands
| Command | Description |
|---|---|
| csf -r | Restart CSF and reload all rules |
| csf -l | List current iptables rules applied by CSF |
| csf -d [IP] | Permanently block (deny) an IP address |
| csf -a [IP] | Permanently allow an IP address |
| csf -df [IP] | Remove an IP from the deny list |
| csf -g [IP] | Check if an IP is currently blocked |
| csf -x | Disable CSF (flush all rules) |
| csf -e | Re-enable CSF |
