How to Install CSF Firewall on VestaCP CentOS and Enable CSF firewall GUI

by Sandeep B.

In this tutorial we’ll be enabling CSF firewall under Vestacp (also works with any Centos/rhel os) and add link to VESTA menu in order to access the CSF firewall GUI. CSF firewall comes with many features and indeed simple to use gui. ConfigServe Firewall, also known as CSF, is a firewall configuration script created to provide better security for your server while giving you an easy to use, advanced interface for managing your firewall settings. CSF configures your server’s firewall to lock down public access to services and only allow certain connections, such as logging in to FTP, checking your email, or loading your websites.

this tutorial exclusively for centos vestacp users

First install required packages for CSF

yum install perl-GDGraph perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN perl-IO-Socket-INET6 perl-Socket6 perl-Crypt-SSLeay perl-Net-SSLeay perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch 

Disable Fail2ban and Firewalld service if you’re running it :

service firewalld stop
service fail2ban stop

If you don’t need this services disable it or remove it.

Install CSF firewall :

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

then go to /etc/csf and edit csf.conf :

yum install nano -y
nano csf.conf

Find TESTING and change this configs :

TESTING = "1"

change it to

TESTING = "0"

Find RESTRICT_SYSLOG :

RESTRICT_SYSLOG = "0"

Change it to

RESTRICT_SYSLOG = "3"

Also ensure this ports are listed :

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,8083"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995,8083"

Save the config file and restart :

csf -r

You can now go to Vestacp admin to see CSF menu

That’s it you’ve done installation of csf under VestaCP

Commands for CSF

Stop the firewall / Flush the rules

csf -f

Restart the firewall

csf -r

Add an IP to the whitelist

csf -a

Blacklist an IP ( the IP won’t be able to connect to the server)

csf -d

Remove an IP from the allow list

csf -ar

Remove an IP from the deny list

csf -dr

Update/upgrade CSF

csf -u

Disable CSF and LFD

csf -x

Enable CSF and LFD

csf -e

If this post helps you in any way please consider a donation

Donate with PayPal :

md-donate

You may also like

10 comments

Laur August 10, 2018 - 3:46 pm

csf conf it’s here:
/etc/csf/csf.conf

Reply
Nacef August 22, 2018 - 5:09 pm

Great tuto
Thank you very much

Reply
Sandy August 24, 2018 - 12:34 pm

You’re welcome, visit for more in future.

Reply
Epiel October 14, 2018 - 7:27 pm

this https://ip:9443 to access the GUI/User Interface is not working for me

Reply
Sandy October 15, 2018 - 4:41 pm

this packages need to be installed
yum install perl-GDGraph perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN perl-IO-Socket-INET6 perl-Socket6 perl-Crypt-SSLeay perl-Net-SSLeay perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch

and
Also add CSF GUI port 9443 in TCP_IN to open the port

Reply
Juan April 19, 2019 - 11:44 pm

GUI/User Interface is not working

Reply
Sandy April 23, 2019 - 9:13 am

probably you didn’t follow the steps

Reply
Jefferson S Aragão March 11, 2020 - 7:04 pm

how to unpack firewall in vestacp

Reply
Sandeep B. March 11, 2020 - 1:39 pm

Just install it and restart csf and vesta services

Reply
Aaron May 21, 2020 - 2:30 am

Do you have tutorial for installing csf on vestacp using ubuntu server?

Reply

Leave a Comment