CentosControl PanelVesta CP

How to Install CSF Firewall on VestaCP CentOS and Enable CSF firewall GUI

In this tutorial we’ll be enabling CSF firewall under Vestacp (also works with any Centos/rhel os) and add link to VESTA menu in order to access the CSF firewall GUI. CSF firewall comes with many features and indeed simple to use gui. ConfigServe Firewall, also known as CSF, is a firewall configuration script created to provide better security for your server while giving you an easy to use, advanced interface for managing your firewall settings. CSF configures your server’s firewall to lock down public access to services and only allow certain connections, such as logging in to FTP, checking your email, or loading your websites.

this tutorial exclusively for centos vestacp users

First install required packages for CSF

yum install perl-GDGraph perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN perl-IO-Socket-INET6 perl-Socket6 perl-Crypt-SSLeay perl-Net-SSLeay perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch 

Disable Fail2ban and Firewalld service if you’re running it :

service firewalld stop
service fail2ban stop

If you don’t need this services disable it or remove it.

Install CSF firewall :

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

then go to /etc/csf and edit csf.conf :

yum install nano -y
nano csf.conf

Find TESTING and change this configs :

TESTING = "1"

change it to

TESTING = "0"

Find RESTRICT_SYSLOG :

RESTRICT_SYSLOG = "0"

Change it to

RESTRICT_SYSLOG = "3"

Also ensure this ports are listed :

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,8083"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995,8083"

Save the config file and restart :

csf -r

You can now go to Vestacp admin to see CSF menu

That’s it you’ve done installation of csf under VestaCP

Commands for CSF

Stop the firewall / Flush the rules

csf -f

Restart the firewall

csf -r

Add an IP to the whitelist

csf -a

Blacklist an IP ( the IP won’t be able to connect to the server)

csf -d

Remove an IP from the allow list

csf -ar

Remove an IP from the deny list

csf -dr

Update/upgrade CSF

csf -u

Disable CSF and LFD

csf -x

Enable CSF and LFD

csf -e

Sandeep B.

I'm a system admin and php developer and currently working as System Admin In CWP Control panel, expertise in Linux and Windows administration RHEL certified admin.

Related Articles

10 Comments

    1. this packages need to be installed
      yum install perl-GDGraph perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN perl-IO-Socket-INET6 perl-Socket6 perl-Crypt-SSLeay perl-Net-SSLeay perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch

      and
      Also add CSF GUI port 9443 in TCP_IN to open the port

Leave a Reply

Your email address will not be published.

Back to top button