What is CSF?
CSF (ConfigServer Security Firewall) is the most widely used firewall on servers with cPanel/WHM. It protects your server by blocking malicious IPs, preventing brute-force attacks, and controlling which ports are open.
Install CSF
cd /usr/src
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Important Ports to Keep Open
Edit /etc/csf/csf.conf and ensure you have these ports in TCP_IN and TCP_OUT:
- 20, 21 — FTP
- 22 — SSH
- 25, 465, 587 — Email (SMTP)
- 80, 443 — Web (HTTP/HTTPS)
- 110, 995 — POP3
- 143, 993 — IMAP
- 2082, 2083 — cPanel
- 2086, 2087 — WHM
Basic CSF Commands
csf -r # Restart firewall
csf -s # Start firewall
csf -f # Stop firewall (emergency)
csf -a 1.2.3.4 # Allow IP
csf -d 1.2.3.4 # Block IP
csf -dr 1.2.3.4 # Unblock IP
csf -s # Start firewall
csf -f # Stop firewall (emergency)
csf -a 1.2.3.4 # Allow IP
csf -d 1.2.3.4 # Block IP
csf -dr 1.2.3.4 # Unblock IP
Activate Non-TESTING Mode
By default, CSF starts in TESTING mode (it deactivates every 5 min). When you are ready, in /etc/csf/csf.conf change:
TESTING = "0"
Then restart: csf -r
⚠️ Before exiting TESTING mode: Make sure your IP is in the whitelist (
/etc/csf/csf.allow) to avoid blocking yourself.