ConfigServer Security & Firewall (CSF) is one of the most powerful, flexible, and widely used firewall suites for Linux servers. It offers advanced protection features with easy setup, especially on VPS and dedicated servers. Whether you're securing SSH, blocking brute force, or managing IP whitelists, CSF gives fine-grained control over server traffic.

Note: This tutorial is intended only for VPS or Dedicated Server environments.

Step-by-Step Guide to Installing CSF on Linux VPS

Step 1: Log in via SSH as root. Open your terminal and log in to your Linux server using the root user.

Step 2: Download the CSF installation package

# wget https://download.configserver.com/csf.tgz

Step 3: Extract the downloaded archive

# tar xfz csf.tgz

Step 4: Navigate to the CSF directory

# cd csf

Step 5: Run the CSF installer

# sh install.sh

The installer will generate the necessary configuration files and automatically add standard cPanel services to the allowlist. Once complete, you'll see something like:

TCP ports currently listening for incoming connections:
21, 22, 25, 53, 80, 110, 143, 443, 465, 993, 995, 2077, 2078, 2082, 2083, 2086, 2087, 2095, 2096, 3306
UDP ports currently listening for incoming connections:</strong
53, 123
Note: These are just listed ports. CSF is not auto-configured yet.

Post-Installation Configuration

Step 6: Update CSF Configuration. Edit the following settings in the CSF config file:

TCP_IN, TCP_OUT
UDP_IN, UDP_OUT

Adjust them according to your server’s needs.

Step 7: Restart CSF and LFD

# systemctl restart csf
# systemctl restart lfd

Step 8: Add your current SSH IP to the whitelist CSF adds your IP (e.g., 10.30.6.17) to the csf. Allow the file temporarily while in TESTING mode.

Disabling Testing Mode & Finalizing Setup

Step 9: Start CSF in testing mode

# systemctl start csf

Step 10: Edit the CSF config to disable testing. Open the config file in an editor (example: Nano):

# nano /etc/csf/csf.conf

Step 11: Find and edit the following line:

TESTING = "1"
Change it to:
TESTING = "0"

Save and exit the file.

Step 12: Restart CSF to apply changes

# systemctl restart csf

Conclusion:

CSF is now fully installed, configured, and running in production mode on your Linux VPS. This firewall now helps monitor open ports, manage IP traffic, and boost your server’s security posture—all while giving you control and flexibility.

Get Linux VPS Hosting »
Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How To Configure the Apache Web Server on an Ubuntu or Debian VPS

Apache is one of the internet's most favoured web servers, serving over half of all active...
Locations of Common Log Files and Configuration Files for cPanel Services

This article covers the configuration files and the log file locations of the most common cPanel...
Fix: Exim error-exim dead but subsys locked

The error “Exim dead but subsys locked” is a common message on Linux servers that use Exim as the...
How to Sync Time using NTP in the Ubuntu Server?

Linux server users might notice that even after manually setting the correct system time, it...
How to Generate a Certificate Signing Request (CSR) with OpenSSL?

Generating a Certificate Signing Request (CSR) is a critical step when setting up SSL for a web...