In this tutorial we’ll enable the CSF firewall under VestaCP (it also works on any CentOS/RHEL OS) and add a link to the VESTA menu to access the CSF firewall GUI. CSF comes with many features and a simple-to-use GUI. ConfigServer Firewall, also known as CSF, is a firewall configuration script created to provide better security for your server while giving you an easy-to-use, advanced interface for managing your firewall settings. CSF configures your server’s firewall to lock down public access to services and only allow certain connections, such as logging in to FTP, checking your email, or loading your websites.
This tutorial is exclusively for CentOS VestaCP users.
First, install the required packages for CSF:
yum install perl-GDGraph perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN perl-IO-Socket-INET6 perl-Socket6 perl-Crypt-SSLeay perl-Net-SSLeay perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch
Disable the Fail2ban and Firewalld services if you’re running them:
service firewalld stop
service fail2ban stop
If you don’t need these services, disable or remove them.
Install the CSF firewall:
cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Then go to /etc/csf and edit csf.conf:
yum install nano -y
cd /etc/csf
nano csf.conf
Find TESTING and change this setting:
TESTING = "1"
Change it to
TESTING = "0"
Find RESTRICT_SYSLOG :
RESTRICT_SYSLOG = "0"
Change it to
RESTRICT_SYSLOG = "3"
Now we’ll enable the CSF GUI:
Find “SECTION:Integrated User Interface” and modify these settings:
UI = "0"
UI_PORT = "6666"
UI_USER = "username"
UI_PASS = "password"
UI_ALLOW = "1"
Change the values to:
UI = "1"
UI_PORT = "9443"
UI_USER = "mystery"
UI_PASS = "mysterdata23400"
UI_ALLOW = "0"
Don’t forget to use your own username and password. You can also choose your own bind port instead of 9443. With UI_ALLOW = "0", logins are accepted from any IP address; with "1", only addresses listed in /etc/csf/ui/ui.allow can log in.
Also add the CSF GUI port 9443 to TCP_IN to open the port:
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,8083,9443"
Also ensure these ports are listed:
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,8083,9443"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995,8083"
Save the config file and restart :
You can now go to https://ip:9443 to access the GUI/User Interface
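To check the csf.conf edits described above, here is an added example that is not part of the original tutorial or of CSF itself: it reads a csf.conf-style file and prints a warning for each setting from this section that is still at a value shown on this page or is inconsistent. The function names and the sample file are constructed for illustration.

```sh
# Added example (not from the original tutorial): audit the csf.conf values it edits.
# On a server: audit_csf_conf /etc/csf/csf.conf

# conf_get FILE KEY: value of the last uncommented KEY = "value" line
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}
# port_listed PORT LIST: succeeds if PORT is in a csf port list (lo:hi ranges included)
port_listed() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    old_ifs=$IFS; IFS=,; set -f; found=1
    for item in $2; do
        lo=${item%%:*}; hi=${item##*:}
        case "$lo:$hi" in *[!0-9:]*|:*|*:) continue ;; esac
        if [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]; then found=0; fi
    done
    IFS=$old_ifs; set +f
    return "$found"
}
# audit_csf_conf FILE: prints one WARN line per finding, succeeds when there are none
audit_csf_conf() {
    f=$1; n=0
    note() { echo "WARN: $1"; n=$((n + 1)); }
    [ "$(conf_get "$f" TESTING)" = "0" ] || note "TESTING is not 0"
    [ "$(conf_get "$f" RESTRICT_SYSLOG)" = "3" ] || note "RESTRICT_SYSLOG is not 3"
    if [ "$(conf_get "$f" UI)" = "1" ]; then
        port=$(conf_get "$f" UI_PORT)
        # Values printed on this page (before and after the edit) must not stay in use
        case $(conf_get "$f" UI_USER) in username|mystery) note "UI_USER is a value from the tutorial" ;; esac
        case $(conf_get "$f" UI_PASS) in password|mysterdata23400) note "UI_PASS is a value from the tutorial" ;; esac
        port_listed "$port" "$(conf_get "$f" TCP_IN)" || note "UI_PORT $port is not in TCP_IN"
        [ "$(conf_get "$f" UI_ALLOW)" = "1" ] || note "UI_ALLOW is not 1, logins are not limited to ui.allow"
    fi
    [ "$n" -eq 0 ]
}
# Constructed sample: the tutorial's resulting values, with 9443 left out of TCP_IN
sample_conf() {
    cat <<'EOF'
TESTING = "0"
RESTRICT_SYSLOG = "3"
UI = "1"
UI_PORT = "9443"
UI_USER = "mystery"
UI_PASS = "mysterdata23400"
UI_ALLOW = "0"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,8083"
EOF
}
tmp=$(mktemp); sample_conf > "$tmp"; audit_csf_conf "$tmp" || true; rm -f "$tmp"
```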
Add CSF FIREWALL access Link to VestaCP menu
Navigate to :
and edit panel.html :
Add this HTML code at line 20:
<div class="l-menu__item <?php if($TAB == 'UPDATES' ) echo 'l-menu__item--active' ?>"><a href="https://126.96.36.199:9443/" target="_blank">CSF FIREWALL</a></div>
Replace 126.96.36.199 with your server IP.
That’s it, you’ve completed the installation of CSF under VestaCP.
Commands for CSF
Stop the firewall / Flush the rules
Restart the firewall
Add an IP to the whitelist
Blacklist an IP (the IP won’t be able to connect to the server)
Remove an IP from the allow list
Remove an IP from the deny list
Disable CSF and LFD
Enable CSF and LFD