Install CSF (ConfigServer Firewall) on Linux

Config Server Firewall (or CSF) is a free and advanced firewall for Linux. It is easy to Install CSF (ConfigServer Firewall) on Linux, it’s flexible to configure and secure with additional checks. CSF controls exactly what traffic is permitted all through the server and protect the server from malicious attack.
ConfigServer Firewall

See Also:

CSF can be completely designed to block/restrict ports you don’t need open. CSF includes the Login Failure Daemon (LFD), which will scan log files and monitor failed login attempts, for example, login attempts for FTP and E-Mail records, and it will block the IP as per the rules you have setup. CSF likewise offers Connection Limiting, Real-Time Block Lists, and Port Scan tracking and much more.

CSF can be easily managed from within its GUI, which is fully compatible with DirectAdmin, CPanel, and Webmin/Virtualmin.


  • Login authentication failure daemon: The following applications are supported by this feature:
    • Courier IMAP, Dovecot, UW-IMAP, Kerio
    • openSSH
    • cPanel, WHM, Webmail (cPanel servers only)
    • Pure-ftpd, vsftpd, Proftpd
    • Password protected web pages (htpasswd)
    • Mod_security failures (v1 and v2)
    • Suhosin failures
    • Exim SMTP AUTH
  • Process tracking
  • Directory watching
  • Messenger service
  • Port flood protection
  • Port knocking
  • Connection limit protection
  • Port/IP address redirection
  • UI integration
  • IP block lists

Follow below steps to install CSF Firewall:

Step #1: Download and Extract the CSF Firewall

Download the CSF source code archive and extract it on the server:

# cd /opt
# wget
# tar xzf csf.tgz

Step #2: Install CSF Firewall

After extracting the archive file simply install the CSF Firewall using installer script:

# cd csf
# sh

Step #3: Basic Configuration to Enabling CSF Firewall

The CSF firewall can be fully enabled by setting in CSF configuration file.

# vim /etc/csf/csf.conf

Find Below line in CSF configuration:


Replace it with below line:


Step 4: Test iptables modules

Run the Perl script to verify to check all the required iptables modules are installed.

# perl /usr/local/csf/bin/
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

Step #5: Restart CSF

Now restart CSF Firewall to make new changes.

# csf -r

If you see an error about libwww not being installed you can install it with yum or cpan:

# yum install perl-libwww-perl
# perl -MCPAN -e 'install Bundle::LWP'

ConfigServer Services

Enjoy it!

No Responses

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.