As of late 2025, ConfigServer has fully open-sourced CSF (ConfigServer Firewall) and moved the official repository to GitHub: https://github.com/ConfigServer/csf
This means you no longer have to download csf.tgz from their old website — you can install the very latest version directly from GitHub.
Supported Operating Systems
- AlmaLinux, Rocky Linux, CloudLinux (7, 8, 9)
- CentOS 7 (until EOL)
- RHEL 7/8/9 derivatives
- Ubuntu 20.04/22.04/24.04 (with some caveats for firewalld/systemd)
- Debian 11/12
- cPanel, DirectAdmin, Webmin/Virtualmin, or no control panel at all
Prerequisites
- Root SSH access
- Perl installed (perl package)
- wget, tar, gzip, and standard build tools
- iptables or nftables (CSF auto-detects)
- For cPanel: nothing extra needed — it fully supports CSF
Step-by-Step Installation (Latest Method – December 2025)
# 1. Login as root
sudo su -
# 2. Remove any old CSF installation (safe if not installed)
cd /usr/src
rm -fv csf.tgz
rm -rf csf/
# 3. Download and extract the latest release directly from GitHub
wget https://github.com/ConfigServer/csf/archive/refs/tags/v14.XX.tar.gz -O csf-latest.tar.gz
# (Replace v14.XX with the actual latest tag you see on GitHub releases page)
# Or use the direct latest release link (recommended):
wget https://github.com/ConfigServer/csf/releases/latest/download/csf.tgz
# Alternative: Always get the absolute latest (even pre-release)
# wget https://github.com/ConfigServer/csf/archive/refs/heads/master.tar.gz -O csf-master.tar.gz
tar -xzf csf.tgz
cd csf
# 4. Run the official install script
sh install.shIf you used the generic GitHub URL method:
# If you downloaded the master branch version:
cd csf-csf-master # folder name varies
sh install.shUniversal One-Liner (Always Gets Latest Official Release)
cd /usr/src && \
rm -rf csf* && \
wget https://github.com/ConfigServer/csf/releases/latest/download/csf.tgz && \
tar -xzf csf.tgz && \
cd csf && \
sh install.shPost-Installation Steps
# 1. Test which modules are installed and working
perl /usr/local/csf/bin/csftest.pl
# You should see no fatal errors (warnings about missing optional modules are fine)2. Basic cPanel Integration (if using cPanel)
cPanel automatically detects CSF after installation.
Go to WHM → Plugins → ConfigServer Security & Firewall
You will now see the full CSF UI.
3. Disable conflicting firewalls (IMPORTANT)
# If using firewalld (common on Alma/Rocky 8+)
systemctl stop firewalld
systemctl disable firewalld
# If using Ubuntu with ufw
ufw disable
# On cPanel servers with old iptables firewalls
systemctl stop iptables 2>/dev/null
systemctl disable iptables 2>/dev/null4. Basic Secure Initial Configuration
Edit /etc/csf/csf.conf and consider these recommended settings for a production server:
# Change from TESTING = "1" to "0" when you're ready
TESTING = "0"
# Restrict SSH port (recommended)
TCP_IN = "20,21,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096"
TCP_OUT = "1:65535"
UDP_IN = "20,21,53,80,443,2077,2078,2079,2080,2082,2083,2086,2087,2089"
UDP_OUT = "1:65535"
# Change SSH port (optional but recommended)
SSH_PORT = "2222" # or any high port
# Enable Country Code blocking (optional)
CC_DENY = "CN,RU,KR" # example: block China, Russia, Korea
# Enable Login Failure Daemon (lfd)
LF_ENABLE = "1"Then restart CSF:
csf -r5. Upgrade CSF in the Future (Super Easy Now)
csf -u # This checks and upgrades from official GitHub automaticallyOr force upgrade from latest GitHub:
cd /usr/src
rm -rf csf*
wget https://github.com/ConfigServer/csf/releases/latest/download/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
csf -rUninstall (if needed)
cd /etc/csf
sh uninstall.shOfficial Links (2025)
- GitHub Repository: https://github.com/ConfigServer/csf
- Releases: https://github.com/ConfigServer/csf/releases
- Documentation: https://github.com/ConfigServer/csf/blob/master/README.md
That’s it! You now have the latest open-source CSF installed directly from GitHub, fully compatible with cPanel or any modern Linux server.
Enjoy the faster updates and transparency of the new open-source era of CSF! 🚀