In this guide we’ll explain how to install CSF on your CentOS 7 VPS.
All commands – without sudo.
systemctl disable firewalld
systemctl stop firewalld
yum clean all
yum -y update
yum -y install wget perl ipset unzip net-tools perl-libwww-perl
yum -y install perl-LWP-Protocol-https perl-GDGraph bind-utils
tar -xzf csf.tgz
rm -rf /opt/csf
rm -rf /opt/csf.tgz
systemctl enable csf
systemctl enable lfd
service csf start
service lfd start
All commands – with sudo.
sudo systemctl disable firewalld
sudo systemctl stop firewalld
sudo yum clean all
sudo yum -y update
sudo yum -y install wget perl ipset unzip net-tools perl-libwww-perl
sudo yum -y install perl-LWP-Protocol-https perl-GDGraph bind-utils
sudo cd /opt
sudo wget https://download.configserver.com/csf.tgz
sudo tar -xzf csf.tgz
sudo cd csf
sudo sh install.sh
sudo rm -rf /opt/csf
sudo rm -rf /opt/csf.tgz
sudo systemctl enable csf
sudo systemctl enable lfd
sudo service csf start
sudo service lfd start
CSF is a firewall based on iptables rules which protects and secures your server. The different threats from which CSF would protect your server includes brute force attacks, email relays, port scanning and many more. CSF configures the firewall to restrict access to your services and allows only connections you specify. It includes the the ability to enable publicly maintained blocklists which block known malicious IP’s and automatically update these blocklists at specified time intervals.
CSF can be installed on servers with or without cPanel. When installed on cPanel servers a GUI can be used for managing CSF with great ease and is included in the WHM panel.
- A CentOS 7 VPS server
- Root access to the server
- An SSH client
After meeting the requirements you can follow the below steps to install and configure CSF in your server.
The first step is to disable and turn off existing firewall since this will cause conflicts. firewalld and iptables are pre-installed on CentOS 7.
systemctl disable firewalld systemctl stop firewalld
Clean yum cache packages and headers. After that update yum packages.
yum clean all yum -y update
CSF and LFD needs the perl module, unzip and a few more utility packages to function properly.
yum -y install wget perl ipset unzip net-tools perl-libwww-perl yum -y install perl-LWP-Protocol-https perl-GDGraph bind-utils
Now CSF can be downloaded, extracted and installed using the following steps. First, change the directory to /opt. This directory will be using as download location for the rest of installation.
Download the source file using the below command
Now decompress the downloaded file using TAR command.
tar -xzf csf.tgz
Install CSF using the following commands.
cd csf sh install.sh
After completing the installation, it is a good practice to remove the downloaded files. You can use the below commands to remove the files.
rm -rf /opt/csf rm -rf /opt/csf.tgz
Change directory back to the home directory
Go to the csf configuration directory and open csf.conf using vim.
Change TESTING to 0 for applying firewall configuration.
By default, CSF allows incoming and outgoing traffic for SSH on port 22. You should change this to another port in the dynamic port range from 49152 – 65535 as a best practice for security. To do this, add the port to the configuration file in line “TCP_IN” and “TCP6_IN”.
NOTE: Port changes need to be made for both IPv4 and IPv6 addresses unless you intend to disable IPv6.
# Allow incoming TCP ports
TCP_IN = "62314"
# Allow incoming IPv6 TCP ports
TCP6_IN = "62314"
Start CSF and LFD with systemctl command.
systemctl start csf systemctl start lfd
And then enable CSF and LFD to start on boot.
systemctl enable csf systemctl enable lfd
Now, you will be able to use CSF as a firewall and intrusion/login failure detection system to secure your server.
If you have any web hosting questions please feel free to reach out to us. We're happy to help.
Shared Hosting | Reseller Hosting | Managed WordPress Hosting | Fully Managed VPS Hosting
Our Guiding Principles
- Provide consistent, stable, and reliable web hosting services.
- Ensure rapid ticket response and quick resolutions to issues.
- Never saturate or over-provision servers to ensure stability and speed for our customers.
- Use only high-quality enterprise-class hardware to ensure minimal downtime from hardware failures.
- Provide clear pricing with no hidden fees or gotchas.