Install ConfigServer Security & Firewall (CSF/LFD) on cPanel

Estimated reading time: 2 min


CSF is a Stateful Packet Inspection (SPI) firewall that acts as a strong line of defense that provides security, prevents malicious attempts to access server ports, scans log files, monitors unsuccessful suspicious login attempts and suggests corrective actions.

CSF Extensions: LFD & Login Tracking

CSF has been exclusively designed to provide security to your Linux server or Virtual Private Server (VPS). CSF comes with an additional Login Failure Daemon (LFD) process that scans the log file entries periodically after every (X) second, looking for suspicious multiple failed login attempts within a certain time slot. The daemon process reacts and blocks such as unauthorized IP’s. Another key feature is the “Login Tracking”, an extension of LFD, restricts the number of SSH, SMTP, POP3 and IMAP connections per IP per hour per Account.

CSF Installation

A front end UI based platform is available for both CSF and LFD, and are both accessible by the root account through cPanel, WebAdmin, and DirectAdmin. The ConfigServer offers a free Web Host Manager (WHM) plugin CSF, allowing the modifications and updates of iptable rules within WHM.

Step 1: Login and run the commands

Execute the following commands after you login as a root user to SSH.

cd /usr/src
rm -fv csf.tgz
tar -xzf csf.tgz
cd csf

Step 2: Remove or disable previous APF+BFD script

Keep in mind that the previous existence of any other iptables firewall configuration script such as APF+BFD should be removed or at least disabled. APF is a frontend for the iptables application. Using APF, the user can avoid using iptables syntaxes needed to open and close ports. Else, the CSF installation attempt would fail with numerous conflicts.

Disable: sh /usr/local/csf/bin/
Remove: sh /usr/local/csf/bin/

Feel free to configure the csf and lfd by reading the configuration and related documentation files present at:


cPanel Configuration

For cPanel and DirectAdmin users, CSF is already preconfigured to work with cPanel ports open. When running on a non-standard port, CSF auto-configures your SSH port on installation. The default cPanel and WHM come bundled with a lot of services active and ports open. It is up to the discretion of the server administrator or the hosting companies to uninstall such services frees the system resources and reduce vulnerabilities through attacks.

Step 4: Testing Firewall effectiveness

Cpanel CSF and LFD

To test your Firewall effectiveness, set the TESTING = 1. This blocks you from your own server. Change it back to TESTING = 0 when you are satisfied.

Cpanel CSF and LFD 02

The above table shows the default cPanel port firewall combination. The TCP_IN/TCP_OUT/UDP_IN/ UDP_OUT is the list of ports that need to be open so that the server can operate. For example, if you changed the default SSH port, it is necessary to add it here. Also, while installing new software or games make sure you add the necessary ports in these lists.

Cpanel CSF and LFD 03


Congratulations, you have successfully installed ConfigServer & Firewall.

Was this article helpful?
Dislike 0
Views: 2617

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *