How to install a firewall on a Linux VPS server?

A Firewall typically works as a barrier between an official, Trusted network and an untrusted network on the internet.

Additionally, it provides protection from cyber attackers/hackers by shielding your computer or network from malicious or unnecessary network traffic. A VPS (Virtual Private Server) is an online machine sold as a service via an internet hosting service.

Moreover, a virtual private server running its own copy of the operating system may have superuser-level access to the operating system. Additionally, a virtual server costs much less than a physical server.

Currently, many people carry out their projects, jobs and technical works online amid which, many hackers can be traced online. Hence you need to secure your confidential information and notes from online hackers. For which, a VPS server is much needed for one’s computer/device.

CSF (ConfigServer Firewall) is a popular and powerful firewall package for Linux workstations. Even though it has more extensive configuration choices, it’s far too simple to set up and customise. This post will show you how to set up CSF. Please keep in mind that the following lesson is only for clients who have a VPS or a dedicated server.

Using the wget command, connect to your server through SSH as root and retrieve the CSF package files.

How to install a firewall on a VPS ?


Unpack the downloaded archive.

 tar xfz csf.tgz

Navigate to the uncomperssed csf directory.

 cd csf

Run the installer.


It will create a configuration file and add necessary cPanel services to allow the list. Once the firewall is installed, you will see a message similar to the following.

TCP ports currently listening for incoming connections:

UDP ports currently listening for incoming connections:

Note: The port details above are for information only, csf hasn't 
been auto-configured.

Don't forget to:
1. Configure the TCP_IN, TCP_OUT, UDP_IN and UDP_OUT options in 
the csf configuration to suite your server
2. Restart csf and lfd
3. Set TESTING to 0 once you're happy with the firewall

Adding current SSH session IP address to the csf whitelist in csf.allow:
Adding to csf.allow only while in TESTING 
mode (not iptables ACCEPT)
*WARNING* TESTING mode is enabled 
- do not forget to disable it in the configuration

Installation Completed

Start CSF testing mode by the following command.

systemctl start csf

Once you finish the testing, bring CSF out of testing mode by editing csf.conf file. Open this file in any editor of your choice. We have used nano editor to edit this file as follows.

 nano /etc/csf/csf.conf

At top of this file, you will find the following text block.

# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab

Edit the last line of this block and save the changes.


Restart the CSF. That’s it, your CSF firewall is up and running.

systemctl restart csf