Saturday, June 19, 2010

Install CSF Firewall for Cpanel

SkyHi @ Saturday, June 19, 2010

CSF firewall commonly known as Configserver Security and Firewall has become one of the popular firewall not just because of its easy of use it also provides a cpanel interface and can be easily installed and tuned by any novice users. If you are running cpanel without firewall then CSF firewall is very much recommended, considering the security aspects of your server.

You can visit the CSF firewall website for more information.

You can also download necessary files there.

Important Features

* WHM Interface for CPanel

* Firewall Running Status

* Easy to Install and Administer

* Brute Force Attack Prevention

* One Click Server Security Checks

* Port scan prevention and blocking

* Intrusion detection system

* Easy Installation and Configuration

* IP Blocking and more..

Let us prepare a linux based server running with cpanel. Note that CSF firewall requires to remove any currently running IP based firewall (APF or other IP tables firewall). It comes with all necessary scripts that will remove APF or IP tables firewall.

Installation Steps

1. Download the package here


wget <<path_of_tgz_file>>

2. Untar it


tar -zxf csf.tgz

3. Run the Install script.


sh csf/

Thats it! wait until the script ends!

4. Remove APF or IPTables Firewall

If you have any existing IP tables firewall remove them using uninstall scripts located at /etc/csf. In this case i was running APF firewall and BFD in my server so i have to remove it.


sh /etc/csf/

5. Start the Firewall in Testing Mode

Start the firewall with the following command.


csf -s<br />// start the firewall<br />csf -r<br />// restart the firewall<br />csf -f<br />// flush the rules or stop the firewall.

If you are running a VPS plan, then you might get the error like this

"iptables LKM ip_tables missing so this firewall cannot function unless you enable MONOLITHIC_KERNEL in /etc/csf/csf.conf

Error: aborted, at line 156"

To fix:

Open the /etc/csf/csf.conf and look for a line MONOLITHIC_KERNEL = "0" and change to MONOLITHIC_KERNEL = "1"

Thats all! Now restart the firewall.

7. Specify which ports you want to allow.

It is very important to check the firewall on which ports to open and close all remaining port numbers. Open the /etc/csf/csf.conf and edit the following line with port numbers

# Allow incoming TCP ports

TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,207 7,2078,2082,2083,2087"

# Allow outgoing TCP ports

TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2 087,2089,2703"

# Allow incoming UDP ports

UDP_IN = "20,21,53,953"

# Allow outgoing UDP ports

# To allow outgoing traceroute add 33434:33523 to this list

UDP_OUT = "20,21,53,113,123,873,953,6277"

21 => FTP

22 => SSH

23 => Telnet

25 => SMTP Mail Transfer

43 => WHOIS service

53 => name server (DNS)

80 => HTTP (Web server)

110 => POP protocol (for email)

443 => HTTP Secure (SSL for https:// )

995 => POP over SSL/TLS

9999 => Urchin

3306 = > MysQL Server

2082 => CPANEL Default

2083 => CPANEL - Secure/SSL

2086 => CPANEL WHM

2087 => CPANEL WHM - Secure/SSL

2095 => cpanel webmail

2096 => cpanel webmail - secure/SSL

Plesk Control Panel => 8443

DirectAdmin Control Panel => 2222

Webmin Control Panel => 10000

6. Disable the Testing Mode and Start the Firewall

Remember by default the firewall is running in testing mode. You might want to disable the firewall running in testing mode.


vi /etc/csf/csf.conf

//Look for the first line and set testing mode to "0"


//Now restart the firewall!


csf -r

In Cpanel

If you have successfully installed the CSF firewall, then you will find this CSF Security & Firewall option within cpanel WHM at the bottom of the menu. Just click on the link and you can also edit the firewall settings inside Cpanel, which is very easy to do.

CSF Firewall in Cpanel

Config Files

/etc/csf/csf.conf CSF Firewall configuration file

/etc/csf/csf.allow => Config file to allow IPs

/etc/csf/csf.deny => Config file to deny IPs

/etc/csf/ => Alert files with TXT extension are stored within this directory

Final Steps

1. Check the status of firewall inside cpanel

2. Harden the firewall security by performing the system security check. To do this go to Cpanel WHM > CSF Firewall & Security > Check System Security. There it will list WARNINGS based on your server.

Frequently Asked Questions

1. How do i know whether the firewall is running or not?

Just login to Cpanel WHM > Config Security & Firewall > Status: Running

Another good idea is to check and see which ports have been opened and closed by firewall.

To look for open ports, just use the following commands in linux and observe which ports are open.

netstat -nap


nmap fuser localhost

2. How do i Remove the CSF Firewall

Just run the uninstall script located at /etc/csf/ directory


sh /etc/csf/