ConfigServer Security & Firewall (CSF) is an advanced firewall solution for Linux servers. It integrates seamlessly with cPanel/WHM, providing a robust security layer against various threats. This guide will walk you through the installation and configuration process of CSF on your server.

Step 1: Installing CSF

  1. Pre-Installation Cleanup: Ensure no conflicting firewalls are installed. Remove existing firewalls like APF or FirewallD:
    systemctl stop firewalld
    systemctl disable firewalld
    rpm -e apf-9.7
  2. SSH into Your Server: Access your server as the root user:
    ssh root@your_server_ip
  3. Download and Install CSF: Fetch and install CSF from the official source:
    cd /usr/src
    tar -xzf csf.tgz
    cd csf
  4. Verify Installation: Confirm CSF installation:
    csf -v

Step 2: Configuring CSF for cPanel/WHM

  1. Configure Firewall Settings: Edit the CSF configuration for basic settings:
    nano /etc/csf/csf.conf

    Alternatively, you can use the WHM interface, which we will be using in this guide. Log in to WHM and, in the left menu, search for “ConfigServer Security and Firewall.

    The image is a scerenshot of WHM showing ConfigServer Security and Firewall cPanel Plugin

    You will then see the main CSF interface. Scroll down until you find a button labeled ‘Firewall Configuration’ and click on it.

    The screenshot of ConfigServer-Security-and-Firewall-WHM-Interface

  2. Configure standard ports and enable essential services: Set the following firewall rules to control inbound and outbound traffic:
    TCP_IN = "22,80,443"
    TCP_OUT = "22,80,443"
    UDP_IN = "53"
    UDP_OUT = "53"
  3. Enable CSF and LFD: Start CSF and its companion daemon, LFD:
    csf -s
    csf -e
  4. Integrate with WHM: Activate CSF within the WHM interface for easier management:
    LF_CPANEL = "1"
  5. Restart to Apply Changes: Apply the configuration changes by restarting CSF:
    csf -r

Step 3: Managing CSF in cPanel/WHM

  1. Access CSF Configuration Panel: Locate CSF within the WHM plugins section:
    WHM » Plugins » ConfigServer Security & Firewall
  2. Monitoring and Logs: Regularly check the CSF logs to monitor firewall activity:
    cat /var/log/lfd.log
  3. Whitelist Your IPs: Efficient management of IP whitelisting is crucial for seamless server operation:
    Editing via Linux Shell:
    Directly edit the allow and ignore lists to manage IP whitelisting:

    nano -w /etc/csf/csf.allow
    nano -w /etc/csf/csf.ignore or vi /etc/csf/csf.deny (In centos systems)

    Add entries like:

     # Home office
     # Remote developer
  4. Using WHM Interface: For ease of use, manage IPs via the WHM interface:The screenshot containing WHM-ConfigServer-Security-and-Firewall-Allow-Whitelist-IPs

    You can specify as many IPs as needed, ensuring they are static IPs. For instance, you might use the static IP of your office or the IP of your remote web developer, as demonstrated in the example below.

    WHM » Plugins » ConfigServer Security & Firewall » Firewall Allow IPs
  5. Apply Changes: Ensure changes take effect by restarting CSF:
    csf -r
  6. Verifying Connectivity: Test and verify that whitelisted IPs have appropriate access:
    tail -f /var/log/lfd.log
  7. Advanced Configuration and Management: Implement measures to protect against DDoS attacks:
    SYNFLOOD = "1"
    SYNFLOOD_RATE = "60/s"
    PORTFLOOD = "80;tcp;80;5"
  8. Command Line Management: Use CSF’s extensive command options for detailed management and troubleshooting:
    csf --status
    csf --disable
    csf --enable
    csf --restart

Best Practices:

Maintain a strict whitelist policy, regularly updating and specifying only necessary IP addresses to minimize security risks.


By following these steps, your cPanel/WHM server will be well-protected with CSF, offering advanced firewall capabilities and easy management through WHM. For more expert tips and comprehensive hosting solutions, contact Netrouting. Continue to explore additional CSF features and configurations to enhance your server’s security posture further.

Need help?

Find answers quick, talk to us on live chat.

Start Live Chat