Install ConfigServer Security & Firewall (CSF/LFD) on cPanel

Estimated reading time: 2 min

What is the Config Server Firewall (CSF)?

CSF is a Stateful Packet Inspection (SPI) firewall that acts as a strong line of defense that provides security, prevents malicious attempts to access server ports, scans log files, monitors unsuccessful suspicious login attempts and suggests corrective actions.

CSF Extensions: LFD & Login Tracking

CSF has been exclusively designed to provide security to your Linux server or Virtual Private Server (VPS). CSF comes with an additional Login Failure Daemon (LFD) process that scans the log file entries periodically after every (X) second, looking for suspicious multiple failed login attempts within a certain time slot. The daemon process reacts and blocks such unauthorized IP’s. Another key feature is the “Login Tracking”, an extension of LFD, restricts the number of SSH, SMTP, POP3 and IMAP connections per IP per hour per Account.

CSF Installation

A front end UI based platform is available for both CSF and LFD, and are both accessible by the root account through cPanel, WebAdmin and DirectAdmin. The ConfigServer offers a free Web Host Manager (WHM) plugin CSF, allowing the modifications and updates of iptable rules within WHM.

1. Execute the following commands after you login as a root user to SSH.

cd /usr/src
rm -fv csf.tgz
tar -xzf csf.tgz
cd csf

2. Keep in mind that the previous existence of any other iptables firewall configuration script such as APF+BFD should be removed or at least disabled. APF is a frontend for the iptables application. Using APF, the user can avoid using iptables syntaxes needed to open and close ports. Else, the CSF installation attempt would fail with numerous conflicts.

Disable: sh /usr/local/csf/bin/
Remove: sh /usr/local/csf/bin/

Feel free to configure the csf and lfd by reading the configuration and related documentation files present at:


cPanel Configuration

For cPanel and DirectAdmin users, CSF is already preconfigured to work with cPanel ports open. When running on a non-standard port, CSF auto-configures your SSH port on installation. The default cPanel and WHM comes bundled with lot of services active and ports open. It is up to the discretion of the Server administrator or the hosting companies to uninstall such services frees the system resources and to reduce vulnerabilities through attacks.

Cpanel CSF and LFD

Cpanel CSF and LFD

To test your Firewall effectiveness, set the TESTING = 1. This blocks you from your own server. Change it back to TESTING = 0 when you are satisfied.

Cpanel CSF and LFD 02

Cpanel CSF and LFD 02

The above table shows the default cPanel port firewall combination. The TCP_IN/TCP_OUT/UDP_IN/ UDP_OUT are the list of ports that need to be open so that the server can operate. For example, if you changed the default SSH port, it is necessary to add it here. Also, while installing new software or games make sure you add the necessary ports in these lists.

Cpanel CSF and LFD 03

Cpanel CSF and LFD 03

Was this article helpful?
Dislike 0
Views: 48

Reader Interactions