ConfigServer Firewall (CSF) is a powerful firewall configuration script designed to enhance server security while providing an easy-to-use interface for managing firewall settings. You can install and configure CSF via SSH and manage it through WHM.
Installation
- Connect to your server via SSH as the root user and execute the following commands:
- Access CSF in WHM by searching for 'ConfigServer Security & Firewall' and selecting it from the menu on the left.
Configuration
Disabling Test Mode
By default, CSF starts in Test Mode. To ensure your firewall settings are applied correctly and not reset by cPanel’s periodic tasks (cron jobs), disable Test Mode once you have finished configuring.
The settings page offers a variety of configuration options. For example, IPv4 Port Settings manage incoming and outgoing traffic through TCP, UDP, ICMP, and other ports. To allow MySQL to accept remote connections, you need to add port 3306 to the TCP_IN list. Similarly, if applications on your server need to make queries to a remote server, you should also include port 3306 in the TCP_OUT list.
Ports are separated by commas. Changes are saved at the bottom of the page.
After changes are saved, you need to restart both csf and lfd.
If the firewall on the server is running in full mode rather than Test Mode, you will see a message:
This is just one of the many configuration options available. Other features are detailed on the Firewall Configuration page, where changes are made similarly to the example provided.
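To confirm over SSH what the settings page saved, the following added example (not part of the original article and not ConfigServer's own code) reads the configuration file and reports whether Test Mode is off and whether a port is covered by TCP_IN and TCP_OUT, including colon-separated port ranges. It assumes the standard file location /etc/csf/csf.conf and the KEY = "value" line format; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit csf.conf for the settings discussed above.
# CSF_CONF defaults to the standard location; override it to check a copy.
CSF_CONF="${CSF_CONF:-/etc/csf/csf.conf}"

# Print the quoted value of one setting, e.g. csf_value TCP_IN -> 20,21,22
# The match is anchored, so TESTING does not pick up TESTING_INTERVAL.
csf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$CSF_CONF" | tail -n 1
}

# Succeed if port $2 is covered by list $1 (single ports or low:high ranges).
port_in_list() {
    list=$(csf_value "$1")
    old_ifs=$IFS; IFS=,
    for entry in $list; do
        case "$entry" in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 if [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ]; then
                     IFS=$old_ifs; return 0
                 fi ;;
            "$2") IFS=$old_ifs; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Succeed only when Test Mode is disabled (TESTING = "0").
testing_disabled() {
    [ "$(csf_value TESTING)" = "0" ]
}

# Human-readable report for one port, e.g. audit_port 3306
audit_port() {
    if testing_disabled; then echo "TESTING: off"; else echo "TESTING: on (Test Mode)"; fi
    for dir in TCP_IN TCP_OUT; do
        if port_in_list "$dir" "$1"; then echo "$dir: $1 open"; else echo "$dir: $1 closed"; fi
    done
}
```

Run `audit_port 3306` after saving changes; once the output matches what you intended, restart both services, for example with `csf -ra`.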
Checking Server Security
This tool is useful for displaying your server's current security level.
By default, the server's protection level is not set to the recommended standard:
For your safety, refer to the tips provided on this page. When making adjustments, ensure that you do not disrupt the applications running on the server.
Allow/Deny IP Addresses
- Quick Allow: This option permits the specified IP address to access any service on your server, including all incoming traffic and ports. It acts as a whitelist.
- Quick Deny: This feature blocks specific IP addresses from accessing your server. For example, you can add IPs involved in DDoS attacks to this list. It functions as a blacklist.
- Quick Unblock: Use this feature to remove an IP address from the block list if it was mistakenly blocked.
Check for IPs in RBLs
This tool scans all IP addresses on your server for any listings on public blacklists. Please be aware that the process may take some time to complete.
We’ve covered some of the key features of CSF, but there are many more available. We recommend exploring the tool further to customize its settings according to your server’s specific needs.