Use CSF (ConfigServer Security & Firewall) on a Linux server to enhance your system’s security with a comprehensive, easy-to-manage firewall solution. CSF is a popular, advanced firewall configuration tool based on iptables that provides intrusion detection and security features. It is commonly used on Linux servers, including CentOS, Ubuntu, and Debian, often integrated with control panels like cPanel or WHM.
This guide explains how to install, configure, manage, and use CSF firewall on your Linux server to protect it from unauthorized access, brute-force attacks, port scanning, and other network threats.
Prerequisites
- A Linux server running a supported distribution like CentOS, AlmaLinux, Ubuntu, or Debian
- Root or sudo privileges to install and configure the firewall software
- Terminal or SSH access to the Linux server
- Basic familiarity with Linux command-line operations
Use CSF Firewall on Linux
ConfigServer Security & Firewall (CSF) is a powerful and user-friendly firewall tool designed to secure Linux servers. It offers advanced features like login tracking, brute-force protection, and integration with popular control panels like cPanel and Webmin. With CSF, you can easily manage iptables rules, set alerts, and enforce strict access controls—all from a simple interface or command line.
Install Required Dependencies
Before installing CSF, ensure your system has the required Perl libraries:
sudo yum install perl-libwww-perl perl-Time-HiRes -y # CentOS/RedHat
sudo apt install libwww-perl libtime-hires-perl -y # Ubuntu/DebianDownload and Extract CSF Firewall
Navigate to a directory such as /usr/src/ or /root/ and download the latest CSF package:
cd /usr/src/
sudo wget https://download.configserver.com/csf.tgzExtract the archive:
sudo tar -xzf csf.tgz
cd csfInstall CSF Firewall
Run the installation script:
sudo sh install.shThe script will install CSF and Login Failure Daemon (LFD) services.
Verify IPtables and System Compatibility
Check if your system supports the iptables modules needed by CSF:
sudo perl /usr/local/csf/bin/csftest.plIf you see “RESULT: csf should function on this server,” you are good to go.
Disable Conflicting Firewalls (If Any)
If your server uses firewalld or another firewall, stop and disable it to avoid conflicts with CSF:
sudo systemctl stop firewalld
sudo systemctl disable firewalldConfigure CSF Settings
Edit the main CSF configuration file:
sudo nano /etc/csf/csf.confKey settings to check or update:
- Disable Testing Mode:
Find the lineTESTING = "1"and change it toTESTING = "0"
to enable CSF enforcement. - Allow Incoming TCP Ports:
EditTCP_INto include essential ports, e.g.:TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995" - Allow Outgoing TCP Ports:
ModifyTCP_OUTas needed, e.g.:TCP_OUT = "20,21,22,25,53,80,110,113,443" - Allow Incoming/Outgoing UDP Ports:
Set as per your server requirements, e.g.:UDP_IN = "20,21,53"andUDP_OUT = "20,21,53,113,123"
Save and exit the editor.
Start and Enable CSF and LFD Services
Start the firewall and intrusion detection daemon:
sudo systemctl start csf
sudo systemctl start lfdEnable services to start on boot:
sudo systemctl enable csf
sudo systemctl enable lfd- Restart CSF to Apply Changes
Restart the CSF firewall to load your new configuration:
sudo csf -rBasic CSF Commands
- Restart CSF and LFD:
sudo csf -r
sudo systemctl restart lfd- Allow an IP address:
sudo csf -a 1.2.3.4- Block an IP address:
sudo csf -d 1.2.3.4- Check CSF status:
sudo csf -lManage CSF via Web Interface (Optional with WHM/cPanel)
If your server uses WHM/cPanel, CSF can be managed via the WHM plugin under:
WHM » Plugins » ConfigServer Security & FirewallThis interface allows easy viewing of logs, changing settings, and restarting the firewall with GUI controls.
Conclusion
To use CSF firewall on a Linux server, install CSF and LFD packages, configure the firewall rules in /etc/csf/csf.conf, disable conflicting firewalls, and enable CSF and LFD services to protect your server against common network threats. Regularly update your allowed ports and IP lists to maintain both accessibility and security. CSF provides robust intrusion detection coupled with firewall management, making it a popular choice for Linux server security. For comprehensive official information, documentation, and updates, visit the ConfigServer Security & Firewall official site.
