Knowledge Base

Install ConfigServer Firewall on a Server

This guide will walk you through installing CSF on a VPS or Dedicated server.

Prepare the Server

After logging in via SSH (as root!), we need to download the CSF firewall itself; let's make a temporary directory called 'tmp'. Then move into it and download the latest version of CSF:

mkdir tmp
cd tmp
wget http://configserver.com/free/csf.tgz

Once CSF is downloaded, we will need to extract the archive containing it and move it into the directory it creates:

tar xf csf.tgz
cd csf

We are now ready to install CSF.

Install CSF on a Server with cPanel

CSF includes integration with control panels such as cPanel. To install it for a cPanel based server, execute the install script that is meant for cPanel:


Install CSF on a Server without cPanel

If you do not have cPanel on your server and would still like to install CSF, you can certainly do so. Execute the following command:


Configure CSF

Configuring your firewall is required for it to function correctly. Let's open the CSF configuration file:

nano /etc/csf/csf.conf

To turn the firewall on, inside the editor, navigate down until you see TESTING="1" and change it to TESTING="0".

All blocks are commented inside (a comment is a line that starts with a #) for you to understand what each section does. To add an incoming TCP port to the allow list, we would edit this variable:

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096"

To allow incoming MySQL connections, we would add 3306 to the list:

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,3306"

Press the keys CTRL + X to exit the editor when you make the changes. Press Y when it asks you if you want to overwrite the file.

Additional Documentation

You can find more info on the subject on the official website here: http://configserver.com/cp/csf.html.

Did you find this article helpful?

* Your feedback is too short