Install CSF on Cpanel

Remove any old versions: rm -fv csf.tgz
Download and install:

tar -xzf csf.tgz
cd csf

To disable run this from root:


To update from root run this:

/usr/sbin/csf -u

To flush all blocks run this:

/usr/sbin/csf -f

Usage: /usr/sbin/csf [option] [value]

Option Meaning
-h, –help Show this message
-l, –status List/Show iptables configuration
-s, –start Start firewall rules
-f, –stop Flush/Stop firewall rules
-r, –restart Restart firewall rules
-a, –add [ip] Add an IP address to be whitelisted to /etc/csf.allow
-d, –deny [ip] Add an IP address to be blocked to /etc/csf.deny
-u, –update Checks for updates to csf+lfd and performs an upgrade if available
-x, –disable Disable csf and lfd
-e, –enable Enable csf and lfd if previously disabled
-v, –version Show csf version

If you would like to disable APF+BFD (which you will need to do if you have
them installed otherwise they will conflict horribly):


That’s it. You can then configure csf and lfd in WHM, or edit the files
directly in /etc/csf/*

csf is preconfigured to work on a cPanel server with all the standard cPanel
ports open. It also auto-configures your SSH port if it’s non-standard on

You should ensure that kernel logging daemon (klogd) is enabled. Typically, VPS
servers have this disabled and you should check /etc/init.d/syslog and make
sure that any klogd lines are not commented out. If you change the file,
remember to restart syslog.

See the readme.txt file for more information.

Removing csf and lfd is even more simple:

cd /etc/csf