Secure & Harden Centos VPS Server (Install CSF Firewall)

Install Config Server Firewall:

There are two top-quality firewalls available: APF (Advanced Firewall Policy) & CSF (Config Server Firewall). There is an unending debate on which is better.

Most people believe that CSF is better because it offers more configuration options.

Only one of the two can be installed at any one time.

Both CSF and APF work with iptables, so you must make sure iptables is installed.

You can check the status of iptables with the command

service iptables status

and install it with the command

yum install iptables* -y

Install CSF (Config Server Firewall)

If APF + BFD is already installed, it should be removed with the command

sh /etc/csf/

Download and install CSF

tar zxvf csf.tgz
cd csf

Then start CSF

/etc/init.d/csf restart

And edit its configuration file

nano /etc/csf/csf.conf

You can leave all the values at their default but change the testing flag to ‘0’

Restart CSF

/etc/init.d/csf restart

This will cause the firewall to start.

To access the various commands, such as adding or removing an IP address to be blocked or whitelisted, showing the configuration, stopping, restarting, etc., type


and all the options will show


CSF now incorporates a “Login Failure Daemon” (lfd). It scans the latest log file entries for login attempts. If there are repeated failures, the daemon assumes that there is a brute-force attack and blocks the IP address for incoming and outgoing connections. The result is that, from a blocked address, not only can you not log in to SSH but you also cannot access the website.

The log file records the details of the IPs that are blocked. It can be accessed here:

nano /var/log/lfd.log

A typical entry is like this

Aug 9 15:17:05 vps lfd[3674]: (sshd) Failed SSH login from (DE/Germany/ 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
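To see which addresses lfd blocks most often and which trigger fired, the log can be summarised with a short script. This is an added example, not part of the original post: the function names lfd_blocks and lfd_sample are hypothetical, the sample lines are constructed, and it assumes the full entry carries the source address right after "from" (the entry shown above has lost it).

```shell
#!/bin/sh
# Added example: count lfd block events per source address and trigger.
# Assumed entry shape (constructed; the sample on this page lacks the address):
#   <date> <host> lfd[PID]: (svc) <reason> from <IP> (CC/Country/rDNS): N in the
#   last S secs - *Blocked in csf* [TRIGGER]

lfd_blocks() {
    # Reads the named log files, or stdin when none are given.
    awk '
    /\*Blocked in csf\*/ {
        i = index($0, " from ")
        if (i == 0) next
        split(substr($0, i + 6), f, " ")       # first token after " from "
        ip = f[1]
        # Keep only tokens that look like an IPv4/IPv6 address, so a
        # truncated entry with no address is skipped, not miscounted.
        if (ip !~ /^[0-9A-Fa-f:.]+$/ || ip !~ /[0-9]/) next
        trig = "-"
        if (match($0, /\[[A-Z_]+\][ \t]*$/)) {  # trailing [TRIGGER] tag
            trig = substr($0, RSTART + 1)
            sub(/\].*$/, "", trig)
        }
        n[ip " " trig]++
    }
    END { for (k in n) print n[k], k }
    ' "$@" | sort -k1,1nr -k2,2
}

lfd_sample() {
    # Constructed log lines using documentation address ranges.
    cat <<'EOF'
Aug  9 15:17:05 vps lfd[3674]: (sshd) Failed SSH login from 203.0.113.7 (DE/Germany/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug  9 16:02:41 vps lfd[3674]: (sshd) Failed SSH login from 198.51.100.23 (IN/India/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug 10 03:11:19 vps lfd[3674]: (sshd) Failed SSH login from 203.0.113.7 (DE/Germany/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug 10 03:40:02 vps lfd[3674]: (ftpd) Failed FTP login from 203.0.113.7 (DE/Germany/-): 10 in the last 3600 secs - *Blocked in csf* [LF_FTPD]
Aug 10 04:00:00 vps lfd[3674]: (sshd) Failed SSH login from (DE/Germany/ 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug 10 04:05:00 vps lfd[3674]: constructed non-block line
EOF
}

# Demo on the constructed sample; on a server: lfd_blocks /var/log/lfd.log
lfd_sample | lfd_blocks
```

Each output line is a count, the source address and the trigger name, most frequent first. An address that keeps reappearing after its block expires is a candidate for a permanent deny entry.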

One great thing about the lfd daemon is that you can receive an email every time there is a login attempt. To enable that, open the csf config file with the command

nano /etc/csf/csf.conf

Now locate the lines “LF_ALERT_TO” and “LF_ALERT_FROM” and enter your email address.

Restart the lfd daemon with the command

service lfd restart

You can also restart csf with the command

csf -r

Then, whenever there is a login attempt, you will receive a message like this:

lfd on SSH login alert for user superuser from (IN/India/
