ConfigServer & Security Firewall (CSF) is a popular choice for enhancing the security of cPanel servers and protecting them from DDoS attacks. This guide will walk you through the process of installing and configuring CSF firewall on your cPanel server.
Step 1: Install CSF Firewall
- Download the latest source code of CSF firewall and extract it on your system using the following commands:
wget https://download.configserver.com/csf.tgz
tar xfz csf.tgz
cd csf
- Once you have extracted the latest code, run the install.sh script to install CSF on your system. The installer will automatically detect your cPanel server and install the required modules.
chmod +x install.sh
sh install.sh
Step 2: Configure CSF Firewall
- Open the configuration file /etc/csf/csf.conf and disable TESTING mode by setting the value to “0”.
TESTING = "0"
- Restart the CSF service to apply the changes:
csf -r
- Access the CSF graphical interface for more configuration options by visiting WHM (Web Host Manager) at Home » Plugins » ConfigServer Security & Firewall.
Step 3: Manage CSF with Command Line
You can also manage CSF firewall using the command line. Here are some useful commands:
- To allow an IP address (it will be added to /etc/csf/csf.allow):
csf -a 11.22.33.44
- To deny an IP address (it will be added to /etc/csf/csf.deny):
csf -d 11.22.33.44
- To search for a specific IP or CIDR in iptables rules:
csf -g 11.22.33.44
- To start the firewall rules:
csf -s
- To flush/stop the firewall rules (Note: lfd may restart csf):
csf -f
- To restart CSF firewall rules:
csf -r
These command line options provide basic functionality, and you can explore more options and parameters in the CSF documentation.
By following these steps, you can successfully install and configure CSF firewall on your cPanel server, strengthening its security and protecting it from various threats.