CSF (ConfigServer Security Firewall) is a popular tool for managing security and firewalls on servers, often used in environments where control panels such as ISPmanager are installed. CSF offers a variety of features to protect your server.
What does CSF do?
This comprehensive security tool for Linux-based servers can meet several user needs at once. Its key functional tasks include:
- Firewall management. Network traffic filtering allows you to block and unblock IP addresses, as well as manage access to ports and specific protocols. Users can also configure rules for incoming and outgoing traffic (TCP_IN and TCP_OUT).
- Protection against brute force attacks. Login Failure Daemon tracks failed login attempts and automatically blocks IP addresses that exceed the allowed number of attempts.
- Intrusion detection. The tool analyzes system logs and detects port scanning and suspicious activity.
- Protection against DDoS attacks. CSF can limit the number of connections from a single IP address, regulate traffic speed, and prevent resource overload.
Installing CSF rewrites the firewall rules. Therefore, it is important to perform the installation immediately after installing ISPmanager 6. Also, manually configure the /etc/csf/csf.conf file.
IMPORTANT: Official support for CSF was discontinued in August 2025. Files are only available on GitHub.
How to properly install ConfigServer Security Firewall?
To install CSF, first download the archive and run the installer:
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
After the installation is complete, check that the modules CSF needs are working, using its Perl test script:
perl /usr/local/csf/bin/csftest.pl
If all modules are working correctly, the script will return the following:
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server
Immediately after that, you can make the necessary changes to the settings for the tool to work effectively. For example, you can set the following values in the /etc/csf/csf.conf file:
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,853,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,8443,1500,35000:35999"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,853,873,993,995,2086,2087,2089,2703,1501"
TESTING = "0"
UI = "1"
UI_USER = "root"
UI_PASS = "passwd"
DOCKER = "1" (if you plan to use Docker, including alternative DBMS)
Then add the IP addresses from which access to the CSF web interface will be allowed to the /etc/csf/ui/ui.allow file.
After making the changes, start CSF with the command:
csf -e
In general, to install the tool correctly, you need to follow the instructions found in the CSF documentation.
What to do if CSF does not work?
There may be several reasons for this. The first step is to check the status of the services. Check CSF and the Login Failure Daemon with the commands:
systemctl status csf
systemctl status lfd
If the output says failed, you can see the reason for the error that is preventing CSF from starting. This is often due to a conflict with other firewalls. If UFW, firewalld, or other tools are installed, it is important to disable them.
Disable the autostart of third-party tools (using firewalld as an example):
systemctl stop firewalld
systemctl disable firewalld
If they have been disabled but CSF still does not start, open the /etc/csf/csf.conf file.
In it, check:
- the correctness of the ports in the TCP_IN, TCP_OUT, UDP_IN, and UDP_OUT values;
- the correctness of the syntax;
- the correctness of the paths to iptables.
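The port and syntax checks from this list can be scripted. The following is an added example, not part of CSF or of the original article: it lints the four port lists in a csf.conf-style file, assuming one NAME = "value" setting per line. The function names and the sample file inside demo are constructed for illustration.

```shell
# Added example, not CSF code: lint the port lists of a csf.conf-style file.
valid_port() {   # one port number, 1-65535
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

entry_ok() {     # a single port, or a low:high range
    case $1 in
        *:*:*) return 1 ;;
        *:*)   valid_port "${1%%:*}" && valid_port "${1##*:}" &&
               [ "${1%%:*}" -le "${1##*:}" ] ;;
        *)     valid_port "$1" ;;
    esac
}

check_ports() (  # whole list; the subshell body keeps IFS and noglob local
    case $1 in ,*|*,|*,,*) echo "empty entry in list"; return 1 ;; esac
    rc=0; IFS=,; set -f
    for e in $1; do   # an empty list passes (assumed to mean "no ports")
        entry_ok "$e" || { echo "bad entry: '$e'"; rc=1; }
    done
    return "$rc"
)

check_conf() (   # lint TCP_IN, TCP_OUT, UDP_IN and UDP_OUT in file $1
    rc=0
    for key in TCP_IN TCP_OUT UDP_IN UDP_OUT; do
        line=$(sed -n "/^$key[[:space:]]*=/{p;q;}" "$1")
        [ -n "$line" ] || continue
        case $line in
            *'= "'*'"') val=${line#*\"}; val=${val%\"} ;;
            *) echo "$key: value must be in straight double quotes"; rc=1; continue ;;
        esac
        msg=$(check_ports "$val") || { echo "$key: $msg"; rc=1; }
    done
    return "$rc"
)

demo() {         # constructed sample with three typical editing mistakes
    tmp=$(mktemp)
    cat >"$tmp" <<'EOF'
TCP_IN = "22,80,443,2077, 2078,35000:35999"
TCP_OUT = “20,21,53”
UDP_IN = "20,21,53"
UDP_OUT = "53,113,123,70000"
EOF
    check_conf "$tmp" && status=0 || status=1
    rm -f "$tmp"; return "$status"
}
```

After sourcing the script, `check_conf /etc/csf/csf.conf` checks the live configuration, and `demo` reports the stray space, the typographic quotes and the out-of-range port in the constructed sample.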
If the problem still persists, reinstall CSF.