Login to your server via SSH with root user and retrieve the CSF package files using wget command.
Unpack the downloaded archive.
tar xfz csf.tgz
Navigate to the uncomperssed csf directory.
Run the installer.
It will create configuration file and add necessary cPanel services to allow list. Once firewall is installed, you will see message similar to following.
TCP ports currently listening for incoming connections: 21,22,25,53,80,110,143,443,465,993,995,2077,2078,2082,2083,2086, 2087,2095,2096,3306 UDP ports currently listening for incoming connections: 53,123 Note: The port details above are for information only, csf hasn't been auto-configured. Don't forget to: 1. Configure the TCP_IN, TCP_OUT, UDP_IN and UDP_OUT options in the csf configuration to suite your server 2. Restart csf and lfd 3. Set TESTING to 0 once you're happy with the firewall Adding current SSH session IP address to the csf whitelist in csf.allow: Adding 10.30.6.17 to csf.allow only while in TESTING mode (not iptables ACCEPT) *WARNING* TESTING mode is enabled - do not forget to disable it in the configuration Installation Completed
Start CSF testing mode by following command.
systemctl start csf
Once you finish the testing, bring CSF out of testing mode by editing csf.conf file. Open this file in any editor of your choice. We have used nano editor to edit this file as follows.
At top of this file, you will find following text block.
# server! Then do remember to set it to 0 and restart csf when you're sure # everything is OK. Stopping csf will remove the line from /etc/crontab TESTING = "1"
Edit the last line of this block and save the changes.
TESTING = "0"
Restart the CSF. That's it, your CSF firewall is up and running.
systemctl restart csf