How to Install CSF firewall on a cPanel Server

ConfigServer Security & Firewall (CSF) is a free server firewall developed by ConfigServer Services (configserver.com). It can be installed on CentOS, Red Hat, CloudLinux, Fedora, openSUSE, Debian, Ubuntu and Slackware Linux distributions. It provides a user interface for the cPanel, Webmin and DirectAdmin web hosting control panels, so the firewall can be managed easily from within the control panel.

This firewall provides SYN flood protection, ping of death protection, SSH and su login notifications, email sending scripts, suspicious user and process tracking, intrusion detection, port scan tracking and blocking, port flooding detection, DDoS protection, brute-force attack protection, etc. There are many other features included in this Linux firewall.
 

How to Install ConfigServer Security & Firewall (CSF) on VPS and Dedicated Servers

You must have server root access to install CSF firewall.

1. Log into the Linux server via SSH as ‘root’

2. Change directory to /usr/local/src to download the CSF tar file

cd /usr/local/src

3. Download the CSF firewall from the ConfigServer Services website using the wget command
 

[root@server src]# cd /usr/local/src
[root@server src]# wget https://download.configserver.com/csf.tgz
--2017-03-02 22:14:21--  https://download.configserver.com/csf.tgz
Resolving download.configserver.com (download.configserver.com)
Connecting to download.configserver.com (download.configserver.com)

Saving to: ‘csf.tgz’

2017-03-02 22:14:25 (537 KB/s) - ‘csf.tgz’ saved [1465408/1465408]

 
4. Run “tar -xvzf csf.tgz” to extract the downloaded files

tar -xvzf csf.tgz

5. Change to ‘csf’ directory

cd csf

6. Run the install script

sh install.sh

7. Run “sh remove_apf_bfd.sh” to remove the APF firewall (if APF is installed on the server)

sh remove_apf_bfd.sh

8. Run “csf -s” to start the CSF firewall.

csf -s
 

How to open TCP and UDP ports in CSF firewall

After installing CSF you must open the necessary ports in the firewall configuration file. The firewall configuration file is /etc/csf/csf.conf.

You must always take a backup of the /etc/csf/csf.conf file before editing it.

Run the command below to take a backup of the CSF configuration file

cp -a /etc/csf/csf.conf /etc/csf/csf.conf.backup

Edit the “/etc/csf/csf.conf” file using the vi editor and add the necessary TCP and UDP ports

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,993,995,2086,2087,2089,2703"

# Allow incoming UDP ports
UDP_IN = "20,21,53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123,873,6277,24441"

TCP_IN is the list of incoming TCP ports
TCP_OUT is the list of outgoing TCP ports
UDP_IN is the list of incoming UDP ports
UDP_OUT is the list of outgoing UDP ports

Enter the port numbers separated by commas. Restart the firewall after entering all the ports.

Command to restart the firewall: csf -r
 

How to Disable Testing mode in CSF

After CSF installation the firewall will be in TESTING mode. Make sure you’re able to SSH to the server from outside before disabling TESTING mode.

1. Edit the csf.conf file using the vi editor and change the line below

TESTING = "1" (Testing mode Enabled)

to

TESTING = "0" (Testing mode Disabled)

2. Save the file and exit.

3. Run the command “csf -r” to restart the firewall
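
A pre-flight check for the steps above, as an added example that is not part of the original article or of CSF itself: it reads TCP_IN from a csf.conf-style file and confirms the SSH port is allowed before TESTING is switched to "0". The function names, the sample file and passing the SSH port as an argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not part of CSF: read-only pre-flight check of a csf.conf-style file.

# Print the value of KEY from FILE (lines of the form KEY = "value").
# Commented-out lines do not match; if a key repeats, the last one is used.
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if PORT is covered by LIST: comma-separated ports or low:high ranges
# (the range form the page's csf.conf comment shows for traceroute).
port_in_list() {
    port=$1; found=1
    old_ifs=$IFS; IFS=,
    for entry in $2; do
        case $entry in
            *:*) [ "$port" -ge "${entry%%:*}" ] && [ "$port" -le "${entry##*:}" ] && found=0 ;;
            *)   [ "$entry" = "$port" ] && found=0 ;;
        esac
    done
    IFS=$old_ifs
    return "$found"
}

# Succeed only if SSH_PORT is allowed by TCP_IN, i.e. TESTING can be set to "0".
preflight() {
    conf=$1; ssh_port=$2
    if ! port_in_list "$ssh_port" "$(csf_get TCP_IN "$conf")"; then
        echo "FAIL: port $ssh_port is not in TCP_IN; leave TESTING = \"1\""
        return 1
    fi
    echo "OK: port $ssh_port is in TCP_IN (TESTING = \"$(csf_get TESTING "$conf")\")"
}

# Constructed sample input in csf.conf format (not a real server's configuration).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
TESTING = "1"
# TCP_IN = "22"
TCP_IN = "20,21,25,53,80,443,2082:2087"
UDP_OUT = "20,21,53,113,123,33434:33523"
EOF

preflight "$sample" 22 || true     # port 22 was left out of the sample TCP_IN
preflight "$sample" 2083 || true   # covered by the 2082:2087 range
```

On a server, call preflight with /etc/csf/csf.conf and the port sshd actually listens on; the script only reads the file and changes nothing.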
 

How to Uninstall/Remove CSF firewall

1. Log into your Linux server via SSH as the ‘root’ user

2. Go to “/etc/csf” directory

3. Run the below command to remove CSF firewall

sh uninstall.sh

OR

/usr/local/csf/bin/uninstall.sh