CSF Firewall on cPanel: 2026 Setup Guide

13 March 2026

5 min read

If you manage a cPanel server, you’ve almost certainly come across CSF firewall. ConfigServer Security & Firewall has been the go-to firewall for cPanel servers for over a decade. But in August 2025, ConfigServer (Way to the Web Ltd) shut down permanently, leaving thousands of server administrators wondering what happens next. The good news? CSF firewall on cPanel is alive, maintained, and still the best firewall option for your server in 2026.

In February 2026, cPanel officially forked CSF and now maintains it under the GPLv3 licence. If you’re running a cPanel server, your firewall isn’t going anywhere. This guide covers everything you need to know about installing and configuring CSF on cPanel in 2026, including what changed and what stayed the same.

What’s in This Post

What Is CSF and Why Does It Matter?
What Happened to ConfigServer?
The cPanel Fork: What Changed in 2026
How to Install CSF Firewall on cPanel in 2026
Essential CSF Configuration Settings
Security Best Practices for CSF
Common Issues and Troubleshooting
What About Non-cPanel Servers?
Final Thoughts

What Is CSF and Why Does It Matter?

CSF (ConfigServer Security & Firewall) is a stateful packet inspection firewall, login detection system, and security suite for Linux servers. It works alongside LFD (Login Failure Daemon) to monitor your server for suspicious activity and automatically block threats.

What makes CSF particularly valuable for cPanel servers is its deep integration with WHM. Rather than manually writing iptables rules, CSF gives you a clean web interface to manage firewall rules, block IP addresses, whitelist trusted connections, and configure brute force protection.

Key features include:

Automatic blocking of brute force login attempts (SSH, SMTP, FTP, cPanel)
Country-based IP blocking and allowing
Port management with simple allow/deny rules
Connection tracking and rate limiting
SYN flood protection
Integration with Blocklists.de and other threat feeds
Process tracking and suspicious process alerts
WHM/cPanel plugin for easy management

For UK hosting providers and server administrators, CSF has been essential. It handles the kind of adaptive security that would otherwise require hours of manual iptables configuration. If you’re running a web hosting setup for your business, your server almost certainly benefits from CSF.

What Happened to ConfigServer?

Way to the Web Ltd, the company behind ConfigServer, announced its closure in July 2025 with barely a month’s notice. The business permanently shut down on 31 August 2025, with all support and distribution ending on that date.

The shutdown caught many in the hosting industry off guard. ConfigServer had been a staple of cPanel server security for years. Their suite included CSF (the firewall), CXS (exploit scanner), CMQ (mail queue manager), and several other tools that admins relied on daily.

Before closing, Way to the Web released CSF’s source code under the GNU General Public License v3 (GPLv3), making it free for the community to fork and maintain. The original download server at download.configserver.com went offline, and the GitHub repository was eventually removed. Existing installations continued to work, but without updates or new installs available from the original source.

For server administrators, this meant a working firewall with no future patches. That’s not a comfortable position when you’re responsible for keeping servers secure.

Looking for fast, reliable UK hosting?

Our plans start from £4.99/month with everything included: SSL, backups, email, and 24/7 support.

View Hosting Plans →

The cPanel Fork: What Changed in 2026

On 18 February 2026, cPanel stepped in. They announced an official fork of CSF, published on their public GitHub repository under the original GPLv3 licence. This fork focuses on critical security and stability fixes, ensuring that cPanel servers running CSF continue to receive updates.

Here’s what happened:

Automatic migration: cPanel automatically updated CSF configurations on eligible servers to point to their update mirrors instead of the defunct ConfigServer source
Same rules, same config: Your existing CSF rules and configuration remain unchanged. The fork simply provides a new update source
GPLv3 licence maintained: The open-source licence carries over, keeping CSF free to use
GitHub repository: The cPanel CSF fork is available at github.com/cpanel/cpanel-csf

Eligibility for automatic migration required:

cPanel & WHM with the original CSF plugin installed
CSF still configured to use the original ConfigServer update source
CSF version 14.0 or newer
AUTO_UPDATES enabled in CSF settings

If your server met these criteria, the switch happened automatically. If not, you may need to update manually (covered in the installation section below).

How to Install CSF Firewall on cPanel in 2026

Whether you’re setting up a fresh server or need to install CSF for the first time, the process in 2026 uses the cPanel-maintained fork. Here’s how to do it step by step.

Prerequisites

Before installing CSF, ensure your server meets these requirements:

Root SSH access to your server (all commands must be run as root)
cPanel & WHM installed and licensed
Perl installed (CSF is written in Perl)
firewalld removed (CSF does not function with it)

Step 1: Remove firewalld

CSF does not function with the firewalld utility. If it’s installed on your server, you must remove it first:

# AlmaLinux, CloudLinux, or Rocky Linux:
sudo yum remove firewalld

# Ubuntu:
sudo apt remove firewalld

Step 2: Install CSF from the cPanel Repository

On cPanel & WHM servers, CSF is now available as a package from cPanel’s own repository. Install it with a single command:

# AlmaLinux, CloudLinux, or Rocky Linux:
sudo yum install cpanel-csf

# Ubuntu:
sudo apt install cpanel-csf

That’s it. No manual downloads, no extracting tarballs. The package handles the full installation and WHM plugin setup automatically.

Step 3: Verify the Installation

After installation, check that all required iptables modules are available:

perl /usr/local/csf/bin/csftest.pl

This script checks for required kernel modules. You should see “RESULT: csf should function on this server” if everything is in order.

Step 4: Access CSF in WHM

Once installed, CSF appears in WHM under:

WHM → Home → Plugins → ConfigServer Security & Firewall

From here you can manage all firewall settings, view logs, and configure security options through the web interface. The installation process should enable the correct ports in CSF, but we recommend confirming this on your server.

Step 5: Disable Testing Mode

CSF installs in TESTING mode by default, which means your firewall rules are flushed every five minutes. Once you’ve confirmed everything works correctly, disable testing mode through WHM:

In the CSF plugin, click Firewall Configuration
In the Initial Settings section, set the Testing toggle to Off
Click Change
Click Restart csf+lfd
Click Return

Alternatively, you can do this via the command line:

# Edit the CSF configuration
nano /etc/csf/csf.conf

# Change TESTING = "1" to:
TESTING = "0"

# Then restart CSF
csf -r

Essential CSF Configuration Settings

The main configuration file lives at /etc/csf/csf.conf. Here are the settings every server administrator should review after installation.

Port Configuration

CSF controls which ports are open on your server. The defaults are sensible for cPanel, but review them:

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096"

Remove any ports you don’t need. For example, if you don’t use FTP, remove ports 20 and 21.

Login Failure Daemon (LFD) Settings

LFD monitors login attempts and blocks IPs that fail too many times:

# Number of failed login attempts before blocking
LF_TRIGGER = "5"

# Temporary block duration in seconds (3600 = 1 hour)
LF_TRIGGER_PERM = "3600"

# Enable SSHD login tracking
LF_SSHD = "5"

# Enable cPanel login tracking
LF_CPANEL = "5"

Connection Limits

# Maximum concurrent connections per IP
CT_LIMIT = "300"

# Connection tracking interval in seconds
CT_INTERVAL = "30"

Country-Based Blocking

One of CSF’s most powerful features. If your website primarily serves UK visitors, you can restrict access from high-risk regions:

# Block all traffic from specific countries (use ISO codes)
CC_DENY = ""

# Allow only specific countries (use carefully)
CC_ALLOW = ""

# Block specific countries for certain ports only
CC_DENY_PORTS = "22"
CC_DENY_PORTS_TCP = "CN,RU,BR"

Be careful with country blocking. Only apply it to services that don’t need global access. Blocking countries from port 80/443 will prevent legitimate web traffic.

Security Best Practices for CSF in 2026

Installing CSF is just the start. Here are the settings and practices that will keep your server properly protected.

Enable SYNFLOOD Protection

SYNFLOOD = "1"
SYNFLOOD_RATE = "100/s"
SYNFLOOD_BURST = "150"

Enable Port Scan Detection

PS_INTERVAL = "300"
PS_LIMIT = "10"

Configure Email Alerts

CSF can email you when important events occur. Set your admin email address:

LF_ALERT_TO = "admin@yourdomain.co.uk"
LF_ALERT_FROM = "csf@yourdomain.co.uk"

Whitelist Your Own IPs

Add your office or home IP to /etc/csf/csf.allow to avoid locking yourself out:

csf -a 203.0.113.50 "Office IP"

Keep Auto-Updates Enabled

With the cPanel fork now providing updates, keep AUTO_UPDATES enabled:

AUTO_UPDATES = "1"

This ensures you receive security patches as cPanel releases them.

Regular Security Audits

Pair CSF with regular security reviews. Check your server performance metrics alongside security logs to ensure the firewall isn’t impacting legitimate traffic. Review blocked IPs periodically and check that LFD alerts are reaching you.

Common Issues and Troubleshooting

Locked Out of Your Server

If you’ve accidentally blocked your own IP, you’ll need console access (IPMI, KVM, or your hosting provider’s emergency console):

# Flush all firewall rules temporarily
csf -f

# Then whitelist your IP
csf -a YOUR_IP_ADDRESS

# Restart CSF
csf -r

CSF Not Starting After Reboot

Ensure CSF is enabled at boot:

systemctl enable csf
systemctl enable lfd

Update Errors After ConfigServer Shutdown

If you’re seeing errors about failed updates pointing to download.configserver.com, your CSF hasn’t been migrated to the cPanel fork yet. Update the source manually:

# Check current update URL
grep "URLGET" /etc/csf/csf.conf

# Reinstall from cPanel's repository:
# AlmaLinux/CloudLinux/Rocky Linux:
sudo yum install cpanel-csf

# Ubuntu:
sudo apt install cpanel-csf

High Server Load from LFD

If LFD is using too many resources, adjust the check interval:

LF_PARSE = "10"
LF_FLUSH = "3600"

Email Delivery Issues

CSF can sometimes block legitimate email connections. Ensure your mail server IPs are whitelisted and SMTP ports (25, 465, 587) are open in both TCP_IN and TCP_OUT.

What About Non-cPanel Servers?

The cPanel fork is specifically for cPanel & WHM systems. If you’re running a server without cPanel, you have a few options:

Community forks: Several community-maintained CSF forks exist on GitHub, including ConfigServer.dev and the Aetherinox fork
Alternative firewalls: Consider UFW (Uncomplicated Firewall) for simpler setups, or nftables for modern Linux distributions
Imunify360: A commercial option that includes firewall, malware scanning, and intrusion detection in one package

For most WordPress hosting environments running cPanel, though, the cPanel-maintained CSF fork remains the best choice. It’s free, well-maintained, and deeply integrated with the control panel.

Is your website holding your business back?

Run our free 30-second health check – no signup required. Check speed, security, and SEO issues instantly.

Check My Website →

Final Thoughts

The ConfigServer shutdown was a wake-up call for the hosting industry, but it wasn’t the end of CSF. cPanel’s decision to fork and maintain the firewall means that the thousands of servers relying on CSF continue to be protected.

If you’re running a cPanel server in 2026, CSF remains the recommended firewall solution. The installation process has changed slightly (you’re now pulling from cPanel’s repository rather than ConfigServer’s), but the firewall itself works exactly as it always has. Your existing rules, configurations, and workflows remain the same.

For UK businesses running their own servers or managing hosting for clients, keeping CSF properly configured is one of the most important things you can do for server security. Pair it with regular updates, strong passwords, and a reliable hosting provider, and your server will be well protected.

Server security doesn’t have to be complicated. CSF makes it manageable, and with cPanel now maintaining it, you can trust it’s in good hands for the foreseeable future.

One response to “CSF Firewall on cPanel: 2026 Setup Guide”

How to Set Up SPF, DKIM, and DMARC in cPanel

16 March 2026

[…] Note: If your domain’s DNS is managed externally (for example, through Cloudflare or another provider), cPanel won’t be able to install the record automatically. You’ll need to copy the DKIM record and add it manually in your DNS provider’s control panel. If you’re unsure how to do this, your hosting provider should be able to help. For guidance on securing your hosting environment more broadly, have a look at our guide to setting up CSF Firewall in cPanel. […]