Install CSF (ConfigServer Firewall) on Linux

Share It!

Config Server Firewall (or CSF) is a free and advanced firewall for linux. It is easy to Install CSF (ConfigServer Firewall) on Linux, it’s flexible to configure and secure with additional checks. CSF controls exactly what trafFic is permitted all through the server and protect the server from malicious attack.

See Also:

  • Use of CSF Firewall in Linux
  • Block Countries using CSF Firewall On Linux
  • How to Block Traffic from Certain Countries
  • CSF can be completely designed to block/restrict ports you don’t need open. CSF includes the Login Failure Daemon (LFD), which will scan log files and monitor failed login attempts, for example, login attempts for FTP and E-Mail records, and it will block the IP as per the rules you have setup. CSF likewise offers Connection Limiting, Real Time Block Lists and Port Scan tracking and much more.

    CSF can be easily managed from within its GUI, which is fully compatible with DirectAdmin, CPanel, and WebMin/Virtualmin.


    • Login authentication failure daemon: The following applications are supported by this feature:
      • Courier imap, Dovecot, uw-imap, Kerio
      • openSSH
      • cPanel, WHM, Webmail (cPanel servers only)
      • Pure-ftpd, vsftpd, Proftpd
      • Password protected web pages (htpasswd)
      • Mod_security failures (v1 and v2)
      • Suhosin failures
      • Exim SMTP AUTH
    • Process tracking
    • Directory watching
    • Messenger service
    • Port flood protection
    • Port knocking
    • Connection limit protection
    • Port/IP address redirection
    • UI integration
    • IP block lists

    Follow below steps to install CSF Firewall:

    Step #1: Download and Extract CSF Firewall

    Download the CSF source code archive and extract it on server:

    # cd /opt
    # wget
    # tar xzf csf.tgz

    Step #2: Install CSF Firewall

    After extractind the archive file simply install the CSF Firewall using installer script:

    # cd csf
    # sh

    Step #3: Basic Configuration to Enabling CSF Firewall

    The CSF firewall can be fully enabled by setting in CSF configuration file.

    # vim /etc/csf/csf.conf

    Find Below line in CSF configuration:


    Replace it with below line:


    Step 4: Test iptables modules

    Run the perl script to verify to check all the required iptables modules are installed.

    # perl /usr/local/csf/bin/
    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...OK
    Testing ipt_multiport/xt_multiport...OK
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...OK
    Testing ipt_limit/xt_limit...OK
    Testing ipt_recent...OK
    Testing xt_connlimit...OK
    Testing ipt_owner/xt_owner...OK
    Testing iptable_nat/ipt_REDIRECT...OK
    Testing iptable_nat/ipt_DNAT...OK
    RESULT: csf should function on this server

    Step #5: Restart CSF

    Now restart CSF Firewall to make new changes.

    # csf -r

    If you see an error about libwww not being installed you can install it with yum or cpan:

    # yum install perl-libwww-perl
    # perl -MCPAN -e 'install Bundle::LWP'

    ConfigServer Services

    Enjoy it!

    No Responses

    Leave a Reply

    Your email address will not be published.