Official ConfigServer Firewall (CSF) - Robust linux iptables/nftables firewall & free ipset blocklist service.

Aetherinox/csf-firewall

🕙 Last Sync: 10/05/2025 08:08 UTC

♾️ Official repository for Config Server Firewall (CSF) ♾️

View Official Documentation











Summary

ConfigServer Firewall & Security, also known as CSF, is a Stateful Packet Inspection (SPI) firewall and Login/Intrusion Detection and Security application for Linux servers which started back in 2005. CSF works as a front-end to iptables or nftables, configuring your server’s firewall rules to lock down public access to services while allowing only approved connections.

This provides better security for your server while giving you an advanced, easy-to-use interface for managing firewall settings. With CSF in place, you can safely permit activities such as logging in via FTP or SSH, checking email, and loading websites, while unauthorized access attempts are blocked.


Note

In August 2025, the original developer, Way to the Web Ltd, discontinued development of ConfigServer Firewall. This repository has since taken over, continuing its development by adding new features and providing ongoing bug fixes.




Features

Interested in Config Server Firewall & Security? Check out a partial list of the included features below:


Firewall & Network Security

  • Easy-to-use SPI firewall powered by iptables/nftables
  • Pre-configured for cPanel and DirectAdmin (standard ports open by default)
  • Auto-detects non-standard SSH ports during installation
  • Works with multiple network interfaces
  • Supports IPv6 via ip6tables
  • Block traffic on unused server IPs to reduce attack surface
  • Country-based access control (allow/deny by ISO Country Code)
  • Protection against:
    • SYN floods
    • Ping of Death
    • Port scans
    • Connection flooding (per IP/per port detection)
  • Permanent or temporary IP blocking (with TTL support)
  • Integration with blocklists like DShield and Spamhaus DROP
  • BOGON packet protection

Login & User Monitoring

  • Login Failure Daemon (LFD): detects repeated login failures (brute force protection)
  • Monitors authentication for:
    • SSH (OpenSSH)
    • FTP (Pure-ftpd, vsftpd, Proftpd)
    • Mail (Courier IMAP, Dovecot, Kerio, Exim SMTP AUTH, POP3/IMAP)
    • Web (cPanel/WHM, Webmail, htpasswd-protected pages)
    • ModSecurity (v1 & v2)
    • Suhosin
    • Custom services via regex and log file matching
  • POP3/IMAP login tracking (limit logins per hour)
  • Distributed attack detection (across multiple servers)
  • LFD clustering – share blocks/whitelists across a server group
  • Temporary IP allows (with TTL)

Alerts & Notifications

  • SSH and su login notifications
  • Root access notifications (WHM)
  • Alerts for:
    • High server load average
    • Excessive email sending per hour (spamming detection)
    • Suspicious processes running
    • Abnormal file activity in /tmp and similar directories
    • Excessive user processes or resource usage
    • Account changes (password updates, shell changes, etc.)

Intrusion Detection & Exploit Protection

  • Intrusion Detection System (IDS) – monitors system/application binaries
  • Suspicious process and file reporting
  • Exploit checks
  • Directory and file integrity monitoring
  • ModSecurity log reporting
  • Messenger Service – optionally redirect blocked users to a custom page explaining why access is denied

Management & Control

  • Integrated UI for major control panels:
    • cPanel, DirectAdmin, InterWorx, CWP, VestaCP, CyberPanel, Webmin
  • cPanel reseller access (per-reseller firewall controls: Allow, Deny, Unblock, Search)
  • Integrated with CloudFlare Firewall
  • Upgrade firewall directly from control panel or shell
  • Quick start mode for servers with large allow/deny lists
  • Easy Dynamic DNS support (auto-allow your changing home IP)
  • System statistics & graphs (CPU, load, memory, etc.)
  • ipset support for handling large IP lists efficiently
  • Integrated support for cse within the UI



Documentation

This README only covers basic installation of CSF. In order to keep all information in one place, all other guides are located in our official documentation. We have provided some useful links below.


View Official Documentation


📕 Main Chapters

Review the following chapters to learn more about setting up CSF and making use of its included features:


Chapter Description View Docs
Enable Web Interface How to enable and set up CSF web interface View
Configuration Configuring CSF for the first time View
Enable IPSETs Manage large blocklists without performance impacts View
Blocklists Deny access to abusive IPs with 3rd party blocklists View
GeoIP Blocks Block access to geographical locations View
Traefik Integration CSF behind Traefik Reverse Proxy View
Authentik Integration Secure CSF behind Authentik for authentication View
Uninstall Uninstall CSF from your server View

📗 Cheatsheets

These are quick-guides which explain very specific features in detail.


Chapter Description View Docs
Folder Structure Explains every file and folder within CSF and its purpose View
Commands Detailed overview of the commands that come with CSF View
Sample Configs Default and example config files / templates for CSF View



Install

This section will explain how to install ConfigServer Firewall in very simple terms, without a lot of extra detail. We also provide a full and detailed Installation Guide within our official documentation. These docs go into much more detail than our README. However, if you're looking for a quick setup, read below:


Requirements

Installing CSF on your server requires the following:

  • Linux server running CentOS, Debian, Ubuntu, or any other compatible Linux distribution.
  • Root access or user account with sudo privileges.
  • Perl installed on your server.

Install

Use these instructions if you wish to manually install CSF on your server.


Step 1: Dependencies

Before installing CSF manually, install the packages it depends on by running the commands for your distribution:


  • For Debian/Ubuntu:

    sudo apt-get update && sudo apt-get install -y \
      perl \
      libwww-perl \
      libio-socket-ssl-perl \
      libcrypt-ssleay-perl \
      libnet-libidn-perl \
      libio-socket-inet6-perl \
      libsocket6-perl \
      ipset

  • For CentOS/RHEL:

    sudo yum makecache && sudo yum install -y \
      perl \
      perl-libwww-perl \
      perl-IO-Socket-SSL \
      perl-Net-SSLeay \
      perl-Net-LibIDN \
      perl-IO-Socket-INET6 \
      perl-Socket6 \
      ipset



Step 2: Download

To download and install CSF, you have two options. Both options give you the latest version of our CSF archive.

  1. Download .zip using wget or curl
  2. Download .zip using get.sh script

Download Direct

To download the latest CSF release, run one of the commands:

# Using wget
wget https://download.configserver.dev/csf.zip

# Using curl
curl -O https://download.configserver.dev/csf.zip

Download Get.sh

To download the latest version of CSF using our get.sh script, run one of the commands below. This will simply give you the zip file in the folder you run the command from.

# Using wget
bash <(wget -qO - https://get.configserver.dev)

# Using curl
bash <(curl -sL https://get.configserver.dev)



The CSF archive should be on your server; extract it to a subfolder called ./csf:

# .zip filename
unzip -oq "csf.zip" -d "csf"

# .tgz filename (tar -C needs the target folder to exist)
mkdir -p "csf" && tar -xzf "csf.tgz" -C "csf"



Step 3: Run Pre-install Tests

Before enabling and configuring CSF, it is crucial to test whether it is compatible with your server. Run the following command to initiate the test.

If the test completes successfully, you will see RESULT: csf should function on this server. If there are any problems, the test will provide information on how to resolve them.

sudo perl csf/csftest.pl



Step 4: Install

After completing Step 3: Run Pre-install Tests, navigate to the extracted directory:

cd csf

Run the installation script. After installation, you must Disable Testing Mode.

sudo sh install.sh



Step 5: Disable Testing Mode

In order for the LFD service to be started, you must disable TESTING mode. Open your csf config file at /etc/csf/csf.conf and change TESTING = "1" to 0.

TESTING = "0"



Step 6: Enable and Start Services

After doing all of the above, confirm that CSF and LFD are now running on your server. First, we will enable CSF with the following command:

sudo csf --enable

Then start the service:

sudo systemctl start csf
sudo systemctl start lfd
sudo csf -ra

Confirm that the CSF service is up and running:

sudo systemctl status csf

You should see:

● csf.service - ConfigServer Firewall & Security - csf
    Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; preset: enabled)
    Active: active (exited) since Sun 2025-09-21 01:35:45 UTC; 4s ago
    Process: 449564 ExecStart=/usr/sbin/csf --initup (code=exited, status=0/SUCCESS)
  Main PID: 449564 (code=exited, status=0/SUCCESS)
        CPU: 621ms

Now check the LFD service for the same status:

sudo systemctl status lfd

You should see:

● lfd.service - ConfigServer Firewall & Security - lfd
    Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; preset: enabled)
    Active: active (running) since Sun 2025-09-21 01:44:00 UTC; 53min ago
    Process: 335736 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
  Main PID: 335770 (lfd - sleeping)
      Tasks: 1 (limit: 4546)
    Memory: 39.2M (peak: 63.3M)
        CPU: 15.090s
    CGroup: /system.slice/lfd.service
            └─335770 "lfd - sleeping"

At this point, CSF and LFD should be up and running, with minimal configuration. We highly recommend going to our official documentation for a more in-depth tutorial on how to install and configure CSF. These docs are available in our Install Chapter.




IP Sets / Blocklist

CSF supports the use of blocklists to help protect your server from malicious IP addresses and unwanted network traffic. Blocklists are essentially collections of IPs or networks that are known to be associated with spammers, hackers, botnets, or other abusive behavior. When CSF is configured to use blocklists, it can automatically deny or restrict connections from these IPs, reducing the risk of compromise, brute-force attacks, and other forms of network abuse. By proactively filtering traffic, blocklists help maintain server security and improve overall system reliability.

Blocklists can come from a variety of third-party vendors, each maintaining their own lists based on threat intelligence and community reporting. Examples of well-known blocklist providers include Spamhaus, DShield, TOR Exit Node lists, BOGON networks, Project Honey Pot, and MaxMind’s anonymous proxies, among others. These lists are continuously updated and can be integrated into CSF to provide real-time protection against emerging threats.

In addition to third-party lists, CSF offers its own official blocklist and IPSET service, maintained in the Official CSF Repository. Users can choose to use the CSF official blocklist alone or combine it with other vendors’ lists for more comprehensive coverage. Using multiple blocklists in conjunction ensures a layered defense, helping administrators mitigate attacks and maintain control over who can access their server while minimizing false positives.

By leveraging blocklists, CSF empowers users to proactively defend their infrastructure, reduce malicious traffic, and maintain a more secure hosting environment without manual monitoring of each incoming IP.


Official Blocklists

CSF hosts its own set of blocklists, which are automatically updated every 6 hours. You may add these sets to your ConfigServer Firewall by appending the following lines to /etc/csf/csf.blocklists:

CSF_MASTER|43200|400000|https://raw.githubusercontent.com/Aetherinox/csf-firewall/main/blocklists/master.ipset
CSF_HIGHRISK|43200|0|https://raw.githubusercontent.com/Aetherinox/csf-firewall/main/blocklists/highrisk.ipset
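
An added example, not part of the CSF project: a small shell linter for /etc/csf/csf.blocklists entries such as the two shown above. The field names NAME|INTERVAL|MAX|URL, the 25-character NAME limit and the 3600-second minimum INTERVAL are assumptions taken from the comment header of the stock csf.blocklists file; the https-only rule is a policy choice of this example, and the lists.example.invalid entries are constructed.

```shell
#!/bin/sh
# Lint csf.blocklists entries before lfd loads them.
# Assumed field layout: NAME|INTERVAL|MAX|URL (from the stock file header, not this page).

# Reads csf.blocklists text on stdin, prints one finding per line on stdout.
lint_blocklists() {
    awk -F'|' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        NF != 4 {
            printf "line %d: expected 4 fields, found %d\n", NR, NF
            next
        }
        {
            name = $1; interval = $2; max = $3; url = $4
            # NAME becomes a chain/set name: keep it short, uppercase, unique.
            if (name !~ /^[A-Z0-9_]+$/ || length(name) > 25)
                printf "line %d: bad NAME \"%s\"\n", NR, name
            else if (seen[name]++)
                printf "line %d: duplicate NAME \"%s\"\n", NR, name
            # INTERVAL is the refresh period in seconds (assumed minimum 3600).
            if (interval !~ /^[0-9]+$/ || interval + 0 < 3600)
                printf "line %d: INTERVAL \"%s\" below 3600 seconds\n", NR, interval
            # MAX caps the number of addresses used; 0 means no cap.
            if (max !~ /^[0-9]+$/)
                printf "line %d: MAX \"%s\" is not a whole number\n", NR, max
            # Policy of this example: lists must be fetched over TLS.
            if (url !~ /^https:\/\/[^ \t]+$/)
                printf "line %d: URL is not https\n", NR
        }
    '
}

# Number of findings for the csf.blocklists text on stdin.
count_findings() {
    lint_blocklists | wc -l | tr -d ' '
}

# The two entries given on this page.
page_entries() {
    cat <<'EOF'
CSF_MASTER|43200|400000|https://raw.githubusercontent.com/Aetherinox/csf-firewall/main/blocklists/master.ipset
CSF_HIGHRISK|43200|0|https://raw.githubusercontent.com/Aetherinox/csf-firewall/main/blocklists/highrisk.ipset
EOF
}

# Constructed sample: each entry below carries one deliberate mistake.
constructed_bad_entries() {
    cat <<'EOF'
# constructed entries for the linter
csf_master|43200|0|https://lists.example.invalid/a.ipset
FAST_LIST|600|0|https://lists.example.invalid/b.ipset
PLAIN_HTTP|86400|0|http://lists.example.invalid/c.ipset
NO_MAX|86400|https://lists.example.invalid/d.ipset
EOF
}

echo "page entries: $(page_entries | count_findings) finding(s)"
constructed_bad_entries | lint_blocklists
```

On a server, run `lint_blocklists < /etc/csf/csf.blocklists` after editing the file and before restarting lfd.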


Risk Assessments

The lists in this README use ★ and ⚝ icons to indicate risk levels. More stars mean higher risk. Lists marked as High or Critical should be added to your CSF blocklist to secure your server. Lower-risk lists are optional and can be added at your discretion.

Our automated CI generates this risk assessment each day.


Rating Risk Description
⚝⚝⚝⚝⚝ No Risk IPs pose no real threat, but possibly suspected
★⚝⚝⚝⚝ Low Risk IPs pose minimal threat
★★⚝⚝⚝ Moderate Risk IPs may cause issues; monitor carefully
★★★⚝⚝ Elevated Risk IPs are risky; consider blocking
★★★★⚝ High Risk IPs are dangerous; likely to cause harm
★★★★★ Critical Risk IPs are highly dangerous; block immediately


Main Lists

These are the primary IPSETs that most people will be interested in. They contain a large number of IP addresses that have been reported recently for abusive behavior. These statistics are gathered from multiple sources, such as AbuseIPDB and IPThreat. IPs on this list have a 100% confidence level, meaning you should encounter no false positives from any of the IPs included.

IP addresses in these lists have been flagged for engaging in activities such as:

  • SSH Bruteforcing
  • Port Scanning
  • DDoS Attacks
  • IoT Targeting
  • Phishing

For most users, the blocklists master.ipset and highrisk.ipset are all you need. They contain a massive collection of IP addresses, all with a 100% confidence level, meaning you should encounter none or minimal false positives.


Set Name Description Severity View
master.ipset Abusive IP addresses which have been reported for port scanning and SSH brute-forcing. HIGHLY recommended. Includes AbuseIPDB, IPThreat, CinsScore, GreensNow ★★★★★ view
highrisk.ipset IPs that pose the highest risk to your network, with a possibility that the activity coming from them is fraudulent. ★★★★★ view


Privacy Lists

These blocklists help you control which third-party services can access your server, allowing you to block bad actors or unwanted service providers.


Set Description Severity View
privacy_general.ipset Servers which scan ports for data collection and research purposes. List includes Censys, Shodan, Project25499, InternetArchive, Cyber Resilience, Internet Measurement, probe.onyphe.net, Security Trails ★★★★⚝ view
privacy_ahrefs.ipset Ahrefs SEO and services ★★⚝⚝⚝ view
privacy_amazon_aws.ipset Amazon AWS ★★⚝⚝⚝ view
privacy_amazon_ec2.ipset Amazon EC2 ★★⚝⚝⚝ view
privacy_applebot.ipset Apple Bots ★★★⚝⚝ view
privacy_bing.ipset Microsoft Bind and Bing Crawlers / Bots ★★⚝⚝⚝ view
privacy_bunnycdn.ipset Bunny CDN ★★⚝⚝⚝ view
privacy_cloudflarecdn.ipset Cloudflare CDN ★★⚝⚝⚝ view
privacy_cloudfront.ipset Cloudfront DNS ★⚝⚝⚝⚝ view
privacy_duckduckgo.ipset DuckDuckGo Web Crawlers / Bots ★★⚝⚝⚝ view
privacy_facebook.ipset Facebook Bots & Trackers ★★★⚝⚝ view
privacy_fastly.ipset Fastly CDN ★⚝⚝⚝⚝ view
privacy_google.ipset Google Crawlers ★★⚝⚝⚝ view
privacy_pingdom.ipset Pingdom Monitoring Service ★★⚝⚝⚝ view
privacy_rssapi.ipset RSS API Reader ★★⚝⚝⚝ view
privacy_stripe_api.ipset Stripe Payment Gateway API ★★⚝⚝⚝ view
privacy_stripe_armada_gator.ipset Stripe Armada Gator ★★⚝⚝⚝ view
privacy_stripe_webhooks.ipset Stripe Webhook Service ★★⚝⚝⚝ view
privacy_telegram.ipset Telegram Trackers and Crawlers ★★★⚝⚝ view
privacy_uptimerobot.ipset Uptime Robot Monitoring Service ★⚝⚝⚝⚝ view
privacy_webpagetest.ipset Webpage Test Services ★★⚝⚝⚝ view


Spam Lists

These blocklists help prevent known spam sources from accessing your server. They include IPs identified by services like Spamhaus as well as spammers targeting forums and other online platforms.


Set Description Severity View
spam_forums.ipset List of known forum / blog spammers and bots ★★★⚝⚝ view
spam_spamhaus.ipset Bad actor IP addresses registered with Spamhaus ★★★★⚝ view


Internet Service Providers

These blocklists allow you to filter traffic based on Internet Service Providers (ISPs). They can be used to block or restrict access from specific networks or providers.

Set Description Severity View
isp_aol.ipset AOL Internet Service Provider IPs ★⚝⚝⚝⚝ view
isp_att.ipset AT&T Internet Service Provider IPs ★⚝⚝⚝⚝ view
isp_cablevision.ipset Cablevision / Optimum ISP IPs ★⚝⚝⚝⚝ view
isp_charter_spectrum_timewarnercable.ipset Charter/Spectrum/TWC ISP IPs ★⚝⚝⚝⚝ view
isp_comcast.ipset Comcast / Xfinity ISP IPs ★⚝⚝⚝⚝ view
isp_cox_communications.ipset Cox Communications ISP IPs ★⚝⚝⚝⚝ view
isp_embarq.ipset Embarq / CenturyLink ISP IPs ★⚝⚝⚝⚝ view
isp_frontier_communications.ipset Frontier Communications ISP IPs ★⚝⚝⚝⚝ view
isp_qwest.ipset Qwest / CenturyLink ISP IPs ★⚝⚝⚝⚝ view
isp_spacex_starlink.ipset SpaceX Starlink satellite ISP IPs ★⚝⚝⚝⚝ view
isp_sprint.ipset Sprint ISP IPs ★⚝⚝⚝⚝ view
isp_suddenlink_altice_optimum.ipset Suddenlink / Altice / Optimum ISP IPs ★⚝⚝⚝⚝ view
isp_verizon.ipset Verizon ISP IPs ★⚝⚝⚝⚝ view


Geographical Databases

These blocklists let you control which geographical locations can access your server. They can be used as either a whitelist or a blacklist and include both continents and countries.

All data is sourced directly from the GeoLite2 Database.


General
Set Description Severity View
GeoLite2 Database Lists IPs by continent and country from GeoLite2 database. Contains both IPv4 and IPv6 subnets ★★★★★ view
Ip2Location Database Coming soon ★★★★★ view

Continents

Set Description Risk View
continent_africa.ipset All IPs located in Africa ★★★⚝⚝ view
continent_antartica.ipset All IPs located in Antarctica ⚝⚝⚝⚝⚝ view
continent_asia.ipset All IPs located in Asia ★★★★⚝ view
continent_europe.ipset All IPs located in Europe ★★★⚝⚝ view
continent_north_america.ipset All IPs located in North America ★★★★⚝ view
continent_oceania.ipset All IPs located in Oceania ★⚝⚝⚝⚝ view
continent_south_america.ipset All IPs located in South America ★★⚝⚝⚝ view

Countries

Set Description Severity View
country_afghanistan.ipset Afghanistan ★★★★⚝ view
country_aland_islands.ipset Aland Islands ⚝⚝⚝⚝⚝ view
country_albania.ipset Albania ★★⚝⚝⚝ view
country_algeria.ipset Algeria ★★★⚝⚝ view
country_american_samoa.ipset American Samoa ⚝⚝⚝⚝⚝ view
country_andorra.ipset Andorra ⚝⚝⚝⚝⚝ view
country_angola.ipset Angola ★★★⚝⚝ view
country_anguilla.ipset Anguilla ⚝⚝⚝⚝⚝ view
country_antarctica.ipset Antarctica ⚝⚝⚝⚝⚝ view
country_antigua_barbuda.ipset Antigua and Barbuda ★★⚝⚝⚝ view
country_argentina.ipset Argentina ★★★⚝⚝ view
country_armenia.ipset Armenia ★★⚝⚝⚝ view
country_aruba.ipset Aruba ⚝⚝⚝⚝⚝ view
country_australia.ipset Australia ★★★⚝⚝ view
country_austria.ipset Austria ★★⚝⚝⚝ view
country_azerbaijan.ipset Azerbaijan ★★⚝⚝⚝ view
country_bahamas.ipset The Bahamas ★★⚝⚝⚝ view
country_bahrain.ipset Bahrain ★★⚝⚝⚝ view
country_bangladesh.ipset Bangladesh ★★★★⚝ view
country_barbados.ipset Barbados ★★⚝⚝⚝ view
country_belarus.ipset Belarus ★★★⚝⚝ view
country_belgium.ipset Belgium ★★⚝⚝⚝ view
country_belize.ipset Belize ★★⚝⚝⚝ view
country_benin.ipset Benin ★★★⚝⚝ view
country_bermuda.ipset Bermuda ⚝⚝⚝⚝⚝ view
country_bhutan.ipset Bhutan ⚝⚝⚝⚝⚝ view
country_bolivia.ipset Bolivia ★★⚝⚝⚝ view
country_bonaire_sint_eustatius_saba.ipset Bonaire, Sint Eustatius, and Saba ⚝⚝⚝⚝⚝ view
country_bosnia_herzegovina.ipset Bosnia and Herzegovina ★★★⚝⚝ view
country_botswana.ipset Botswana ★★⚝⚝⚝ view
country_bouvet_island.ipset Bouvet Island ⚝⚝⚝⚝⚝ view
country_brazil.ipset Brazil ★★★★⚝ view
country_british_indian_ocean_territory.ipset British Indian Ocean Territory ⚝⚝⚝⚝⚝ view
country_british_virgin_islands.ipset British Virgin Islands ★★⚝⚝⚝ view
country_brunei_darussalam.ipset Brunei ★★⚝⚝⚝ view
country_bulgaria.ipset Bulgaria ★★⚝⚝⚝ view
country_burkina_faso.ipset Burkina Faso ★★★⚝⚝ view
country_burundi.ipset Burundi ★★★⚝⚝ view
country_cambodia.ipset Cambodia ★★★⚝⚝ view
country_cameroon.ipset Cameroon ★★★⚝⚝ view
country_canada.ipset Canada ★★⚝⚝⚝ view
country_cape_verde.ipset Cape Verde ★★⚝⚝⚝ view
country_cayman_islands.ipset Cayman Islands ★★⚝⚝⚝ view
country_cc.ipset Cocos (Keeling) Islands ⚝⚝⚝⚝⚝ view
country_central_african_republic.ipset Central African Republic ★★★★⚝ view
country_chad.ipset Chad ★★★★⚝ view
country_chile.ipset Chile ★★⚝⚝⚝ view
country_china.ipset China ★★★★★ view
country_christmas_island.ipset Christmas Island ⚝⚝⚝⚝⚝ view
country_colombia.ipset Colombia ★★★⚝⚝ view
country_comoros.ipset Comoros ★★⚝⚝⚝ view
country_congo.ipset Congo ★★★★⚝ view
country_cook_islands.ipset Cook Islands ⚝⚝⚝⚝⚝ view
country_costa_rica.ipset Costa Rica ★★⚝⚝⚝ view
country_cote_divoire.ipset Côte d'Ivoire ★★★⚝⚝ view
country_croatia.ipset Croatia ★★⚝⚝⚝ view
country_cuba.ipset Cuba ★★★⚝⚝ view
country_curacao.ipset Curaçao ★★⚝⚝⚝ view
country_cyprus.ipset Cyprus ★★⚝⚝⚝ view
country_czech_republic.ipset Czech Republic ★★⚝⚝⚝ view
country_democratic_republic_congo.ipset Democratic Republic of the Congo ★★★★★ view
country_denmark.ipset Denmark ★★⚝⚝⚝ view
country_djibouti.ipset Djibouti ★★★⚝⚝ view
country_dominica.ipset Dominica ⚝⚝⚝⚝⚝ view
country_dominican_republic.ipset Dominican Republic ★★⚝⚝⚝ view
country_ecuador.ipset Ecuador ★★★⚝⚝ view
country_egypt.ipset Egypt ★★★★⚝ view
country_el_salvador.ipset El Salvador ★★★⚝⚝ view
country_equatorial_guinea.ipset Equatorial Guinea ★★★⚝⚝ view
country_eritrea.ipset Eritrea ★★★⚝⚝ view
country_estonia.ipset Estonia ★★⚝⚝⚝ view
country_eswatini.ipset Eswatini ★★⚝⚝⚝ view
country_ethiopia.ipset Ethiopia ★★★⚝⚝ view
country_europe.ipset Europe ★★⚝⚝⚝ view
country_falkland_islands_malvinas.ipset Falkland Islands (Malvinas) ⚝⚝⚝⚝⚝ view
country_faroe_islands.ipset Faroe Islands ⚝⚝⚝⚝⚝ view
country_fiji.ipset Fiji ★★⚝⚝⚝ view
country_finland.ipset Finland ★★⚝⚝⚝ view
country_france.ipset France ★★⚝⚝⚝ view
country_french_guiana.ipset French Guiana ★★⚝⚝⚝ view
country_french_polynesia.ipset French Polynesia ⚝⚝⚝⚝⚝ view
country_french_southern_territories.ipset French Southern Territories ⚝⚝⚝⚝⚝ view
country_gabon.ipset Gabon ★★★⚝⚝ view
country_gambia.ipset Gambia ★★★⚝⚝ view
country_georgia.ipset Georgia ★★⚝⚝⚝ view
country_germany.ipset Germany ★★⚝⚝⚝ view
country_ghana.ipset Ghana ★★★⚝⚝ view
country_gibraltar.ipset Gibraltar ★★⚝⚝⚝ view
country_great_britain.ipset Great Britain ★★⚝⚝⚝ view
country_greece.ipset Greece ★★⚝⚝⚝ view
country_greenland.ipset Greenland ⚝⚝⚝⚝⚝ view
country_grenada.ipset Grenada ⚝⚝⚝⚝⚝ view
country_guadeloupe.ipset Guadeloupe ★★⚝⚝⚝ view
country_guam.ipset Guam ★★⚝⚝⚝ view
country_guatemala.ipset Guatemala ★★★⚝⚝ view
country_guernsey.ipset Guernsey ★★⚝⚝⚝ view
country_guineabissau.ipset Guinea-Bissau ★★★⚝⚝ view
country_guinea.ipset Guinea ★★★⚝⚝ view
country_guyana.ipset Guyana ★★⚝⚝⚝ view
country_haiti.ipset Haiti ★★★★⚝ view
country_heard_island_and_mcdonald_islands.ipset Heard Island and McDonald Islands ⚝⚝⚝⚝⚝ view
country_honduras.ipset Honduras ★★★⚝⚝ view
country_hong_kong.ipset Hong Kong ★★★★⚝ view
country_hungary.ipset Hungary ★★⚝⚝⚝ view
country_iceland.ipset Iceland ★★⚝⚝⚝ view
country_india.ipset India ★★★★⚝ view
country_indonesia.ipset Indonesia ★★★★⚝ view
country_iran.ipset Iran ★★★★⚝ view
country_iraq.ipset Iraq ★★★★⚝ view
country_ireland.ipset Ireland ★★⚝⚝⚝ view
country_isle_of_man.ipset Isle of Man ★★⚝⚝⚝ view
country_israel.ipset Israel ★★★⚝⚝ view
country_italy.ipset Italy ★★⚝⚝⚝ view
country_jamaica.ipset Jamaica ★★★⚝⚝ view
country_japan.ipset Japan ★★⚝⚝⚝ view
country_jersey.ipset Jersey ★★⚝⚝⚝ view
country_jordan.ipset Jordan ★★★⚝⚝ view
country_kazakhstan.ipset Kazakhstan ★★★⚝⚝ view
country_kenya.ipset Kenya ★★★⚝⚝ view
country_kiribati.ipset Kiribati ⚝⚝⚝⚝⚝ view
country_kosovo.ipset Kosovo ★★⚝⚝⚝ view
country_kuwait.ipset Kuwait ★★⚝⚝⚝ view
country_kyrgyzstan.ipset Kyrgyzstan ★★★⚝⚝ view
country_laos.ipset Laos ★★★⚝⚝ view
country_latvia.ipset Latvia ★★⚝⚝⚝ view
country_lebanon.ipset Lebanon ★★★⚝⚝ view
country_lesotho.ipset Lesotho ★★⚝⚝⚝ view
country_liberia.ipset Liberia ★★★⚝⚝ view
country_libya.ipset Libya ★★★★⚝ view
country_liechtenstein.ipset Liechtenstein ⚝⚝⚝⚝⚝ view
country_lithuania.ipset Lithuania ★★⚝⚝⚝ view
country_luxembourg.ipset Luxembourg ★★⚝⚝⚝ view
country_macedonia_republic.ipset Macedonia ★★⚝⚝⚝ view
country_madagascar.ipset Madagascar ★★⚝⚝⚝ view
country_malawi.ipset Malawi ★★⚝⚝⚝ view
country_malaysia.ipset Malaysia ★★★⚝⚝ view
country_maldives.ipset Maldives ★★⚝⚝⚝ view
country_mali.ipset Mali ★★★★⚝ view
country_malta.ipset Malta ★★⚝⚝⚝ view
country_marshall_islands.ipset Marshall Islands ⚝⚝⚝⚝⚝ view
country_martinique.ipset Martinique ★★⚝⚝⚝ view
country_mauritania.ipset Mauritania ★★★⚝⚝ view
country_mauritius.ipset Mauritius ★★⚝⚝⚝ view
country_mayotte.ipset Mayotte ★★⚝⚝⚝ view
country_mexico.ipset Mexico ★★★★⚝ view
country_micronesia.ipset Micronesia ⚝⚝⚝⚝⚝ view
country_monaco.ipset Monaco ★★⚝⚝⚝ view
country_mongolia.ipset Mongolia ★★⚝⚝⚝ view
country_montenegro.ipset Montenegro ★★⚝⚝⚝ view
country_montserrat.ipset Montserrat ⚝⚝⚝⚝⚝ view
country_morocco.ipset Morocco ★★★⚝⚝ view
country_mozambique.ipset Mozambique ★★★⚝⚝ view
country_myanmar.ipset Myanmar ★★★⚝⚝ view
country_namibia.ipset Namibia ★★⚝⚝⚝ view
country_nauru.ipset Nauru ⚝⚝⚝⚝⚝ view
country_nepal.ipset Nepal ★★⚝⚝⚝ view
country_netherlands.ipset Netherlands ★★⚝⚝⚝ view
country_new_caledonia.ipset New Caledonia ★★⚝⚝⚝ view
country_new_zealand.ipset New Zealand ★★⚝⚝⚝ view
country_nicaragua.ipset Nicaragua ★★★⚝⚝ view
country_nigeria.ipset Nigeria ★★★★★ view
country_niger.ipset Niger ★★★⚝⚝ view
country_niue.ipset Niue ⚝⚝⚝⚝⚝ view
country_norfolk_island.ipset Norfolk Island ⚝⚝⚝⚝⚝ view
country_northern_mariana_islands.ipset Northern Mariana Islands ⚝⚝⚝⚝⚝ view
country_north_korea.ipset North Korea ★★★★★ view
country_norway.ipset Norway ★★⚝⚝⚝ view
country_oman.ipset Oman ★★⚝⚝⚝ view
country_pakistan.ipset Pakistan ★★★★★ view
country_palau.ipset Palau ⚝⚝⚝⚝⚝ view
country_palestine.ipset Palestine ★★★★⚝ view
country_panama.ipset Panama ★★★⚝⚝ view
country_papua_new_guinea.ipset Papua New Guinea ★★★⚝⚝ view
country_paraguay.ipset Paraguay ★★★⚝⚝ view
country_peru.ipset Peru ★★★⚝⚝ view
country_philippines.ipset Philippines ★★★★⚝ view
country_pitcairn.ipset Pitcairn Islands ⚝⚝⚝⚝⚝ view
country_poland.ipset Poland ★★⚝⚝⚝ view
country_portugal.ipset Portugal ★★⚝⚝⚝ view
country_puerto_rico.ipset Puerto Rico ★★★⚝⚝ view
country_qatar.ipset Qatar ★★⚝⚝⚝ view
country_republic_moldova.ipset Moldova ★★⚝⚝⚝ view
country_reunion.ipset Réunion ★★⚝⚝⚝ view
country_romania.ipset Romania ★★⚝⚝⚝ view
country_russia.ipset Russia ★★★★★ view
country_rwanda.ipset Rwanda ★★★⚝⚝ view
country_saint_barthelemy.ipset Saint Barthélemy ⚝⚝⚝⚝⚝ view
country_saint_helena.ipset Saint Helena ⚝⚝⚝⚝⚝ view
country_saint_kitts_nevis.ipset Saint Kitts and Nevis ⚝⚝⚝⚝⚝ view
country_saint_lucia.ipset Saint Lucia ⚝⚝⚝⚝⚝ view
country_saint_martin_north.ipset Saint Martin (North) ⚝⚝⚝⚝⚝ view
country_saint_pierre_miquelon.ipset Saint Pierre and Miquelon ⚝⚝⚝⚝⚝ view
country_saint_vincent_grenadines.ipset Saint Vincent and the Grenadines ⚝⚝⚝⚝⚝ view
country_samoa.ipset Samoa ⚝⚝⚝⚝⚝ view
country_san_marino.ipset San Marino ⚝⚝⚝⚝⚝ view
country_sao_tome_principe.ipset São Tomé and Príncipe ★★⚝⚝⚝ view
country_saudi_arabia.ipset Saudi Arabia ★★★★⚝ view
country_senegal.ipset Senegal ★★★⚝⚝ view
country_serbia.ipset Serbia ★★⚝⚝⚝ view
country_seychelles.ipset Seychelles ★★⚝⚝⚝ view
country_sierra_leone.ipset Sierra Leone ★★★⚝⚝ view
country_singapore.ipset Singapore ★★⚝⚝⚝ view
country_sint_maarten_south.ipset Sint Maarten (South) ⚝⚝⚝⚝⚝ view
country_slovakia.ipset Slovakia ★★⚝⚝⚝ view
country_slovenia.ipset Slovenia ★★⚝⚝⚝ view
country_solomon_islands.ipset Solomon Islands ⚝⚝⚝⚝⚝ view
country_somalia.ipset Somalia ★★★★★ view
country_south_africa.ipset South Africa ★★★⚝⚝ view
country_south_georgia_and_the_south_sandwich_islands.ipset South Georgia and the South Sandwich Islands ⚝⚝⚝⚝⚝ view
country_south_korea.ipset South Korea ★★⚝⚝⚝ view
country_south_sudan.ipset South Sudan ★★★★⚝ view
country_spain.ipset Spain ★★⚝⚝⚝ view
country_sri_lanka.ipset Sri Lanka ★★★⚝⚝ view
country_sudan.ipset Sudan ★★★★⚝ view
country_suriname.ipset Suriname ★★⚝⚝⚝ view
country_svalbard_jan_mayen.ipset Svalbard and Jan Mayen ⚝⚝⚝⚝⚝ view
country_sweden.ipset Sweden ★★⚝⚝⚝ view
country_switzerland.ipset Switzerland ★★⚝⚝⚝ view
country_syria.ipset Syria ★★★★★ view
country_taiwan.ipset Taiwan ★★⚝⚝⚝ view
country_tajikistan.ipset Tajikistan ★★★⚝⚝ view
country_tanzania.ipset Tanzania ★★★⚝⚝ view
country_thailand.ipset Thailand ★★★⚝⚝ view
country_timorleste.ipset Timor-Leste ⚝⚝⚝⚝⚝ view
country_togo.ipset Togo ★★★⚝⚝ view
country_tokelau.ipset Tokelau ⚝⚝⚝⚝⚝ view
country_tonga.ipset Tonga ⚝⚝⚝⚝⚝ view
country_trinidad_tobago.ipset Trinidad and Tobago ★★⚝⚝⚝ view
country_tunisia.ipset Tunisia ★★★⚝⚝ view
country_turkey.ipset Turkey ★★★★⚝ view
country_turkmenistan.ipset Turkmenistan ★★★⚝⚝ view
country_turks_caicos_islands.ipset Turks and Caicos Islands ⚝⚝⚝⚝⚝ view
country_tuvalu.ipset Tuvalu ⚝⚝⚝⚝⚝ view
country_uganda.ipset Uganda ★★★⚝⚝ view
country_ukraine.ipset Ukraine ★★★★⚝ view
country_united_arab_emirates.ipset United Arab Emirates ★★⚝⚝⚝ view
country_united_states.ipset United States ★★★★⚝ view
country_united_states_minor_outlying_islands.ipset US Minor Outlying Islands ⚝⚝⚝⚝⚝ view
country_united_states_virgin_islands.ipset US Virgin Islands ★★⚝⚝⚝ view
country_uruguay.ipset Uruguay ★★⚝⚝⚝ view
country_uzbekistan.ipset Uzbekistan ★★★⚝⚝ view
country_vanuatu.ipset Vanuatu ⚝⚝⚝⚝⚝ view
country_vatican_city_holy_see.ipset Vatican City / Holy See ⚝⚝⚝⚝⚝ view
country_venezuela.ipset Venezuela ★★★⚝⚝ view
country_vietnam.ipset Vietnam ★★★⚝⚝ view
country_wallis_futuna.ipset Wallis and Futuna ⚝⚝⚝⚝⚝ view
country_western_sahara.ipset Western Sahara ★★★⚝⚝ view
country_yemen.ipset Yemen ★★★★★ view
country_zambia.ipset Zambia ★★⚝⚝⚝ view
country_zimbabwe.ipset Zimbabwe ★★★⚝⚝ view


Transmission (BitTorrent Client)

This section includes blocklists which you can import into the BitTorrent client Transmission.



Set Description Severity View Website
transmission.ipset A large blocklist for the BitTorrent client Transmission ★★★★★ view view



3rd-party Blocklists

There are many vendors that also host their own blocklists. You can find these vendors within the file /etc/csf/csf.blocklists. Vendors included are:


For more information on blocklists, visit our official documentation and read the Chapter: Blocklists. Our documentation includes how to enable blocklists, and more information on what they do.




Notes

This section outlines notes about ConfigServer Firewall.


CSF to Iptable Commands

ConfigServer Firewall is a way to manage your existing firewall rules. For ConfigServer Firewall to work, your server must have the iptables package installed. ConfigServer Firewall is essentially a wrapper around iptables, with the additional option of a web UI so that you can manage your firewall visually instead of through commands. Without iptables, ConfigServer Firewall is useless.


If you uninstall ConfigServer Firewall from your server, you can still do everything CSF does, but you have to run the iptables commands manually.


This section gives you the commands that ConfigServer Firewall uses to manage your firewall, and gives you the iptables alternative command if you do not wish to use CSF.



Default Policy

ConfigServer Firewall and iptables come with three main chains: INPUT, FORWARD, and OUTPUT. ConfigServer Firewall sets the policy of all three to DROP.

The DROP policy means that no connections are allowed through any of these chains, so nobody can connect to your server unless you have added rules to allow access by IP address or port.

To set the policy of these chains, run the following. If you are connected remotely, add your allow rules first, because the DROP policy takes effect immediately:

sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP 
sudo iptables -P OUTPUT DROP

You can select from the list of available policies.

  • ACCEPT Accepts packets into or out of your server.
  • DROP Denies access to a port or server, but makes the connection appear to be to an unoccupied IP address. Scanners may choose not to continue scanning addresses which appear unoccupied.
  • REJECT Denies access to a port or server, but tells the connecting party that the server and port are really there, but they've been denied access to transmit data or connect.

As a general rule:

  • Use ACCEPT to allow access to a port or IP by a connecting party.
  • Use DROP for connections to hosts you don't want people to see.
  • Use REJECT when you want the other end to know the port is unreachable.


Clear Iptables / Open Firewall

To clear every iptables rule and open your firewall back up, run the following commands. Note that this completely turns off the blocking abilities of iptables / CSF. Your server will be open to connections:

sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT


List Rules

To list all of your iptables rules, including the rules that CSF has added to your firewall, run:

sudo iptables --list --line-numbers -n


List Chains

To list all of the chains in iptables, run:

sudo iptables -L | grep Chain

A list of the available chains is provided below:

Note

Out of the box, ConfigServer Firewall and iptables make use of three chains:

  • INPUT Packets coming from the network and going to your server.
  • OUTPUT Packets originating from your server and going to the network.
  • FORWARD Packets forwarded by your server, if/when it acts as a router between different networks such as DOCKER.

Additional Chains

  • NAT This table is consulted when a packet that creates a new connection is encountered. It consists of four built-ins:
    • PREROUTING for altering packets as soon as they come in
    • INPUT for altering packets destined for local sockets
    • OUTPUT for altering locally-generated packets before routing
    • POSTROUTING for altering packets as they are about to go out
  • MANGLE Used for specialized packet alteration.
  • DOCKER Rules that determine whether a packet that is not part of an established connection should be accepted, based on the port forwarding configuration of running containers.
  • DOCKER-USER A placeholder for user-defined rules that will be processed before rules in the DOCKER-FORWARD and DOCKER chains.
  • DOCKER-FORWARD The first stage of processing for Docker's networks. Rules that pass packets that are not related to established connections to the other Docker chains, as well as rules to accept packets that are part of established connections.
  • DOCKER-ISOLATION-STAGE-1 Rules to isolate Docker networks from each other.
  • DOCKER-INGRESS Rules related to Swarm networking.


Unblock Port

If you use the ConfigServer Firewall WebUI, one of its features is the ability to whitelist / allow access to certain ports. If you do not wish to use the WebUI, you can unblock these ports in your terminal using iptables.

To unblock ports in CSF, open your WebUI:


Select Firewall Configuration, and then scroll down until you see the settings:

  • TCP_IN
  • TCP_OUT


To unblock a port with iptables using the same command that CSF would use, run the following. For this example, we will unblock port 43, which can be used by the whois package:

sudo iptables -I OUTPUT ! -o lo -m conntrack --ctstate NEW -p tcp --dport 43 -j ACCEPT

Remember to change --dport 43 to the port you wish to unblock, change -p tcp to specify either TCP or UDP, and change -I OUTPUT to specify the chain you want to allow the port through.


To re-block port 43 and disallow connections, delete the rule in iptables:

sudo iptables -D OUTPUT ! -o lo -m conntrack --ctstate NEW -p tcp --dport 43 -j ACCEPT

To view the firewall rule in your iptables, run:

sudo iptables --list --line-numbers -n

Running this command should output all your table rules. Your new rule will appear as:

Chain OUTPUT (policy DROP)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:43 ctstate NEW
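
To confirm the result without reading the listing by eye, the check below parses output in the format shown above and reports the chain policy and the numbers of the ACCEPT rules for a port. It is an added example, not part of CSF; check_port_rule and sample_listing are hypothetical names, and the listing is constructed.

```shell
#!/bin/sh
# Added example: audit an `iptables --list --line-numbers -n` listing.

# check_port_rule CHAIN PROTO PORT  (listing on stdin)
# Prints the chain policy followed by the number of every ACCEPT rule that
# matches PROTO and dpt:PORT. Returns 0 only if the policy is DROP and at
# least one such rule exists.
check_port_rule() {
    awk -v chain="$1" -v proto="$2" -v port="$3" '
        $1 == "Chain" {
            in_chain = ($2 == chain)
            if (in_chain) { policy = $4; sub(/\)$/, "", policy) }
            next
        }
        in_chain && $2 == "ACCEPT" {
            # Match the "tcp dpt:43" pair; the prot column may be a name or number.
            for (i = 8; i <= NF; i++)
                if ($(i - 1) == proto && $i == ("dpt:" port)) {
                    nums = nums " " $1
                    break
                }
        }
        END {
            print policy nums
            exit !(policy == "DROP" && nums != "")
        }
    '
}

# Constructed sample listing in the format shown above. Rule 3 duplicates
# rule 1, as happens when the -I command is run twice.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW

Chain OUTPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:43 ctstate NEW
2    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 ctstate NEW
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:43 ctstate NEW
EOF
}
```

Two rule numbers for one port mean the rule was inserted twice, so the matching -D command must be run once per copy to close the port again.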


Allow OpenVPN

To allow OpenVPN through CSF / iptables, run the following commands. The first line detects your tunnel adapter; to use a specific adapter, replace ${TUN_ADAPTER} with its name, such as tun0.

TUN_ADAPTER=$(ip -br l | awk '$1 ~ "^tun[0-9]" { print $1}')
sudo iptables -A FORWARD -o ${TUN_ADAPTER} -j ACCEPT

Next, add a POSTROUTING rule. If you do not want to use your default adapter, replace ${ETH_ADAPTER} with the adapter's name. For ours, we will use eth0.

ETH_ADAPTER=$(ip route | grep default | sed -e "s/^.*dev.//" -e "s/.proto.*//")
sudo iptables -t nat -A POSTROUTING -o ${ETH_ADAPTER} -j MASQUERADE

Now we need to add a few rules for the IP block our OpenVPN server will use. In this example, we'll use 10.8.0.0/24.

ETH_ADAPTER=$(ip route | grep default | sed -e "s/^.*dev.//" -e "s/.proto.*//")
sudo iptables -t nat -A POSTROUTING -s "10.8.0.0/24" -o ${ETH_ADAPTER} -j MASQUERADE

Next, add the iptables rules for your OpenVPN server's port. Replace 1194 with your OpenVPN port if it is different. Replace ${ETH_ADAPTER} with your desired ethernet adapter name if you do not wish to use the default detected below.

ETH_ADAPTER=$(ip route | grep default | sed -e "s/^.*dev.//" -e "s/.proto.*//")
sudo iptables -A INPUT -i ${ETH_ADAPTER} -m state --state NEW -p udp --dport 1194 -j ACCEPT
sudo iptables -A FORWARD -i tun+ -o ${ETH_ADAPTER} -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i ${ETH_ADAPTER} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT

Finally, set the adapter name tun+ to have access to the OUTPUT chain.

The + symbol is a wildcard, which means that if you create multiple OpenVPN tunnels, such as tun1 and tun2, they will automatically be allowed through the OUTPUT chain. If you only want one specific tunnel to be allowed, change tun+ to tun0, or whichever tunnel you want to allow.

sudo iptables -A OUTPUT -o tun+ -j ACCEPT

CSF / iptables should now allow connections to and from your OpenVPN server.
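
The steps above collected into one script, as an added example that is not part of the CSF project: it refuses an empty or multi-line adapter name from auto-detection and uses iptables -C so that re-running it does not append duplicate rules. The function names and the DRY_RUN, VPN_NET and VPN_PORT variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: the OpenVPN rules from this section as one repeatable script.
DRY_RUN="${DRY_RUN:-1}"             # 1 = print commands only, 0 = apply (root)
VPN_NET="${VPN_NET:-10.8.0.0/24}"   # subnet used in this section
VPN_PORT="${VPN_PORT:-1194}"        # OpenVPN port used in this section

# Reject empty, multi-line or malformed names from adapter auto-detection.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.+-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]               # Linux interface names are at most 15 chars
}

# add_rule TABLE CHAIN RULE...: append only if `iptables -C` finds no copy.
add_rule() {
    table="$1"; chain="$2"; shift 2
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables -t $table -A $chain $*"
    else
        iptables -t "$table" -C "$chain" "$@" 2>/dev/null ||
            iptables -t "$table" -A "$chain" "$@"
    fi
}

# openvpn_rules ETH_ADAPTER TUN_ADAPTER: same rules, same order as the steps above.
openvpn_rules() {
    eth="$1"; tun="$2"
    valid_iface "$eth" || { echo "bad ethernet adapter: '$eth'" >&2; return 1; }
    valid_iface "$tun" || { echo "bad tunnel adapter: '$tun'" >&2; return 1; }
    add_rule filter FORWARD -o "$tun" -j ACCEPT &&
    add_rule nat POSTROUTING -o "$eth" -j MASQUERADE &&
    add_rule nat POSTROUTING -s "$VPN_NET" -o "$eth" -j MASQUERADE &&
    add_rule filter INPUT -i "$eth" -m state --state NEW -p udp --dport "$VPN_PORT" -j ACCEPT &&
    add_rule filter FORWARD -i tun+ -o "$eth" -m state --state RELATED,ESTABLISHED -j ACCEPT &&
    add_rule filter FORWARD -i "$eth" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT &&
    add_rule filter OUTPUT -o tun+ -j ACCEPT
}

# Example call with the detection commands from this section:
#   openvpn_rules \
#     "$(ip route | grep default | sed -e 's/^.*dev.//' -e 's/.proto.*//')" \
#     "$(ip -br l | awk '$1 ~ "^tun[0-9]" { print $1 }')"
```

Run it with the default DRY_RUN=1 first and review the printed commands before applying them with DRY_RUN=0.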




References for More Help

If you need additional help beyond this guide to configure CSF, use the following pages:




Questions & Answers

Have a question? See if it's answered here:


I can't get the statistics button to show

To view statistics in CSF, complete the following steps. First, enable the setting within /etc/csf/csf.conf:

ST_ENABLE = "1"

You can confirm the setting by running:

grep ST_ENABLE /etc/csf/csf.conf

# Should return:
ST_ENABLE = "1"

Next, ensure you have the ServerStats Perl module installed:

ls -l /usr/local/csf/lib/ConfigServer/ServerStats.pm

# Should return:
-rw------- 1 root root 138268 Aug 25 08:46 /usr/local/csf/lib/ConfigServer/ServerStats.pm

Finally, ensure you have installed the Perl modules GD::Graph / GD:

# Ubuntu/Debian
sudo apt-get install -y libgd-graph-perl libgd-perl

# CentOS/RHEL
sudo yum install -y perl-GDGraph perl-GD

Then give CSF / LFD a restart:

sudo csf -ra

You can also run the following command to test the required module. If no errors pop up, then you should be able to run the statistics functionality without issues:

perl /usr/local/csf/lib/ConfigServer/ServerStats.pm

What other Perl modules are required?

You can make sure the required Perl modules are installed by running the following in a terminal:

# Core modules (usually installed, but included for completeness)
perl -MCPAN -e 'install strict'
perl -MCPAN -e 'install warnings'
perl -MCPAN -e 'install IO::Socket::INET'
perl -MCPAN -e 'install Socket'
perl -MCPAN -e 'install File::Path'
perl -MCPAN -e 'install File::Basename'
perl -MCPAN -e 'install File::Copy'
perl -MCPAN -e 'install File::Temp'
perl -MCPAN -e 'install Fcntl'
perl -MCPAN -e 'install Time::Local'
perl -MCPAN -e 'install POSIX'
perl -MCPAN -e 'install IPC::Open3'
perl -MCPAN -e 'install Sys::Hostname'
perl -MCPAN -e 'install Cwd'

# ServerStats and web reporting modules
perl -MCPAN -e 'install IO::Socket::SSL'
perl -MCPAN -e 'install LWP::UserAgent'
perl -MCPAN -e 'install HTTP::Request'
perl -MCPAN -e 'install JSON'
perl -MCPAN -e 'install Net::SSLeay'
perl -MCPAN -e 'install Crypt::SSLeay'
perl -MCPAN -e 'install Digest::MD5'
perl -MCPAN -e 'install Digest::SHA'

# Optional / recommended modules for extended CSF features
perl -MCPAN -e 'install Regexp::Common'
perl -MCPAN -e 'install Email::Valid'
perl -MCPAN -e 'install Time::HiRes'
perl -MCPAN -e 'install Mail::Sendmail'
perl -MCPAN -e 'install Net::SMTP'

Or if you’re on a Debian/Ubuntu system:

apt-get install -y perl libio-socket-ssl-perl libwww-perl libjson-perl libnet-ssleay-perl libcrypt-ssleay-perl

On CentOS/RHEL:

yum install -y perl perl-IO-Socket-SSL perl-libwww-perl perl-JSON perl-Net-SSLeay perl-Crypt-SSLeay

Or you can install using CPAN:

cpan install IO::Socket::SSL LWP::UserAgent JSON Net::SSLeay Crypt::SSLeay Digest::MD5 Digest::SHA Email::Valid

Are you officially taking over development on CSF?

Yes. This repository will continue to release updates to Config Server Firewall, both bug fixes and new functionality.


What happened to the dark theme?

The dark theme was officially integrated into ConfigServer Firewall. It will release with v with a theme selector.


Will cPanel continue to support CSF?

I cannot say for certain. Nobody from cPanel has reached out to me. I hope they continue to support it.


What about documentation?

Since I started managing ConfigServer Firewall, I have been working on re-doing the current documentation so that it supports CSF in its entirety.


I see emojis, is this written with AI?

I hate AI. If you enjoy using it, that's fine. I have a few select emojis that I use which indicate whether my docs are talking about a folder or file. I have written it all by hand.




Contributors ✨

We are always looking for contributors. If you feel that you can provide something useful to Gistr, then we'd love to review your suggestion. Before submitting your contribution, please review the following resources:


Want to help but can't write code?




The following people have helped get this project going: