How to Open Ports in CSF Firewall on a Dedicated/VPS Server
How to Open Ports in CSF Firewall on a Dedicated/VPS Server
By default all the port will be open on a Linux Server. We can open and close specific ports in CSF firewall either through server backend or through frontend.
Steps to Open Ports in CSF Firewall on a Dedicated/VPS Server
If your website is hosted on a shared server you can’t open ports in CSF firewall because you don’t have access to the server. If your website is hosted on a shared server and if you want to open a specific port you can contact your webhosting company and they will open the port for you.
If your website is hosted on a VPS/Dedicated Server, you will have root access to the server. Do the below steps to open server port via SSH
1. Login to your VPS/dedicated server via SSH using root password.
2. First take a backup of the CSF configuration file before making any changes in it.
Command to take backup of CSF configuration file :
[root@server ~]# cp -a /etc/csf/csf.conf /etc/csf/csf.conf.bakk
3. Open CSF configuration file using a vi editor
[root@server ~]# vi /etc/csf/csf.conf
4. Edit the below line in CSF configuration and add the port you want to allow.
# Allow incoming TCP ports
TCP_IN=10000
I have opened incoming port 10000 on the server.
5. Save the CSF configuration file and exit.
6. Don’t forget to restart csf after making this change.
[root@server /]# csf -r
OR
[root@server /]# service csf restart
# Allow incoming TCP ports
TCP_IN = “20,21,22,25,53,80,110,143,443,465,587,993,995”
# Allow outgoing TCP ports
TCP_OUT = “20,21,22,25,53,80,110,113,443,587,993,995”
# Allow incoming UDP ports
UDP_IN = “20,21,53”
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = “20,21,53,113,123”
TCP_IN – Add the port at the end of this line for allowing incoming TCP ports
TCP_OUT – Add the port at the end of this line for allowing outgoing TCP ports
UDP_IN – Add the port at the end of this line for allowing incoming UDP ports
UDP_OUT – Add the port at the end of this line for allowing outgoing UDP ports
You can also add port range in CSF firewall.

How to open port in CSF firewall
How to Close/Block a Port in CSF firewall
Removing the port number from the lines TCP_IN, TCP_OUT, UDP_IN, UDP_OUT will block the port. You must restart the firewall after making any changes
Example : Removing 53 from the line “UDP_IN” will close the incoming UDP port 53.
UDP_IN = “20,21,53”