Increase Server Security - Remove ports from /etc/csf/csf.conf


Managing Director
Staff member
CentOS 7 comes with "firewalld" which is an advanced firewall software. However, it can take a lot of time to configure zones and entries.

CSF (ConfigServer Security & Firewall) offers excellent functionality with easy configuration. We can install CSF on CentOS and other supported operating systems. CSF does not require a control panel to function; however, when we combine it with cPanel, we can manage CSF settings from the GUI.

If you have a static IP or if you connect through a VPN, you can put the IP address in "csf.allow" and then remove the port(s) from TCP_IN and TCP_OUT in the file "/etc/csf/csf.conf". Similarly, remove the ports for TCP6_IN and TCP6_OUT.

For example, if the static IP of your Internet connection is and you want to allow access to WHM only from your IP, then put the IP in the file "/etc/csf/csf.allow" and remove the ports 2086 and 2087 from "/etc/csf/csf.conf". Similarly, you can set it up for IMAP if you do not want anyone else to access your mailbox through an IMAP client.

We can achieve the above result by putting respective entries in the "/etc/hosts.allow" and "/etc/hosts.deny" files, however, when we implement it through the firewall, it gets blocked at an earlier stage.

As always, remember to reload CSF after making changes to the configuration file.
csf -r

Thank you for reading. To provide feedback or to request a new tutorial please contact us.