Install ConfigServer Firewall On A cPanel Server

Install ConfigServer Firewall On A cPanel Server

ConfigServer Firewall (CSF) is a popular Linux firewall security suite. It is easy to install, flexible to configure and secure with extra checks. CSF helps control exactly how much traffic is allowed in and out of the server to protect the server from malicious attack. It can also specify the type of traffic that comes in.

The CSF installation includes control panel user interface available via WHM, and login failure daemon process (lfd) that runs periodically to scan the latest log file entries for login attempts that continually fail within a short period of time. Such attempts are often called “Brute-force attacks” and the daemon process responds very quickly to such patterns and blocks offending IPs quickly.

See the end of this article for command-line instructions.

Log into your server via ssh or via console to get started with CSF installation.

Change to temp directory:

 # cd /tmp


Download the file:

Unpack the archive:

# tar xfz csf.tgz


Navigate to the uncompressed csf directory:

# cd csf

Run the installer:

# sh

This will create a configuration file and add all required cPanel services to the allow list.

Next, disable testing mode by editing the main CSF configuration file. Open the file using any editor (vi, nano, etc):

# nano /etc/csf/csf.conf

Scroll down and find: TESTING = “1” and change to TESTING = “0”

Note: keep the quotations (“”) enclosing the number.

To save, press ‘Ctrl O’.

Hit ‘Enter’ when your screen asks “File Name to Write: /etc/csf/csf.conf”.

Next, hit ‘Ctrl X’ to exit.

When done, restart CSF:

# csf -r


Now CSF is installed and ready. You can simply manage it via cPanel WHM interface WHM > Config Security & Firewall.

OR via command-line:


In the event that you need to allow/block IP address using command line, the options are as follows:

To add your IP address to a permanent allow list:

# csf -a

To block the IP:

# csf -d


To clear blocked IPs:

# csf -f

Additional Options:

Via Command line you can type: csf -[option]

Commands to Know:

cd = change directory

cd ../ = change up a directory

wget  = fetches a download link

tar  = tar is to uncompress archived files

csf = run commands for the csf firewall followed by an option

ls = list, which shows the contents in the directory you’re in.

pwd = shows the directory you’re currently in.

For more information about CSF, see:

For more information about Basic linux Commands


    • Related Articles

    • Configuring SMTP Relay Server

      If you have been affected by the recent block of outgoing mail on port 25 for our SoftLayer locations (Singapore, San Jose, Dallas, Washington DC and Seattle), you will be able to use the following to configure another server in Salt Lake City, New ...
    • How To Resolve cPanel Large Number of Failed Login Attempts from IP Error

      What Does This Message Mean? How To Resolve The Issue If you have received the following message from your server: ———————————————————— Subject: Large Number of Failed Login Attempts from IP ———————————————————— 5 failed login attempts to ...
    • How to create Cloud Server with Windows OS?

      Log in to your account at Open the dashboard and access the Cloud Servers section as outlined below. You can select Cloud Servers section in the upper toolbar, follow the quick link My Cloud Servers, or go to the box ...
    • How To Secure A Server in 4 Simple Steps

      How To Secure A Server in 4 Simple Steps Category: Getting Started &nbsp You can make your server more secure in 4 simple steps… One of the most important things you’ll need to do with your server, once you gain access, is to secure it. It’s an ...
    • Managing Firewall for your system

      Managing Firewall for your system Category: Template Information &nbsp The system firewall is based on iptables. Please read about iptables at Netfilter page. Make sure you are root while running commands below In general your sytem firewall is ...