Installing CSF (ConfigServer Firewall) on a server Print

This guide will walk you through installing CSF on a VPS/Dedicated server.

Preparing the server

After logging in via SSH (as root!) we will need to download the CSF firewall itself, let's make a temporary directory called "tmp" first and then move into it and download latest version of CSF:

mkdir tmp
cd tmp
wget http://configserver.com/free/csf.tgz

Once CSF is downloaded, we will need to extract the archive containing it and move into the directory it creates:

tar xf csf.tgz
cd csf

We are now ready to install CSF.

Installing CSF on a server with cPanel

CSF includes integration with control panels such as cPanel, in order to install it for a cPanel based server, we would execute the install script that is meant for cPanel.

./install.cpanel.sh

Installing CSF on a server without cPanel

If you do not have cPanel on your server and would still like to install CSF, you can certainly do so. Execute the following command:

./install.sh

Configuring CSF - allowing ports

Configuring your firewall is required for it to function correctly. Let's open the CSF configuration file:

nano /etc/csf/csf.conf

To turn the firewall on, inside the editor, navigate down until you see TESTING="1" and change it to TESTING="0".

All blocks are commented inside (a comment is a line that starts with a #) for you to understand what each section does, for example to add a incoming TCP port to the allow list, we would edit this variable:

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096"

To allow incoming MySQL connections we would add 3306 to the list:

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,3306"

When you make the changes, hit CTRL+X to exit the editor and press Y when it asks you if you want to overwrite the file.

Additional documentation

You can find more info on the subject on the official website here: http://configserver.com/cp/csf.html