How to Install CSF (Config Server Firewall) on CentOS 8

What is CSF

CSF (Config Server Firewall) is an SPI (Stateful Packet Inspection) firewall and Login/Intrusion Detection application for Linux servers. It contains the firewall (CSF) and an LFD (Login Failure Daemon) which is flexible and does not require an expert level of knowledge to configure. The LFD runs constantly in the background and scans the latest logs on a periodic basis looking for any login attempts against the server. The LFD can recognize attempted login patterns and block any IP addresses that break its rules. The CSF / LFD has its own GUI interface or there are options to control it through an external CP (Control Panel) such as Virtualmin.

How to Install CSF on CentOS 8

The first thing to do is make sure CentOS is up to date, using the following commands:

sudo dnf makecache

This downloads and caches the latest metadata for any enabled repositories. This is only really necessary if the metadata is outdated.


sudo dnf check-update

This will check to see if there are any updates available for the software installed on the server.


sudo dnf update or sudo dnf upgrade

These commands will both download and install any available updates to the server. Either command can be used according to personal preference.


Once the server is updated you can move onto installing CSF.


Enter the following commands in your terminal remembering to hit return after each.

sudo dnf install wget tar

This command will install wget which you will use to download CSF and tar which is necessary to decompress the CSF file you will download.

sudo dnf install @perl

This command will install perl.

sudo dnf install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph perl-Math-BigInt

The final command will install the perl modules you need for the CSF installation.

You can check that perl is successfully installed with the following command.

perl -v



Begin the CSF installation.

cd /tmp

Switch to the tmp directory

wget https://download.configserver.com/csf.tgz

Use wget to download the csf.tgz file directly from configserver.com

tar -xzf csf.tgz

Expand the file ready to begin the installation procedure.

cd csf

Switch into the newly created csf directory.

sh install.sh or ./install.sh

Run the installation script


perl /usr/local/csf/bin/csftest.pl

Once CSF has finished installing you can use this command to test if it is able to correctly run on your system.

Since CentOS 7 there has been a built-in firewall, firewalld. It needs to be stopped and prevented from starting automatically on boot, or else it will prevent CSF from working. Enter these two commands to do this.

systemctl stop firewalld

systemctl disable firewalld

You should now check to see if CSF is running.

sudo systemctl status csf


If CSF is not showing as active, then try using either of the following restart commands and then check again.

sudo systemctl restart csf [or] sudo csf -r

You should now also check to see if LFD is running.

sudo systemctl status lfd


If LFD is not showing as active, then try using either of the following restart commands and then check again.

sudo systemctl restart lfd [or] sudo csf --lfd restart


When CSF runs for the first time it is in testing mode. If you are happy with the default settings or at least want to have a basic firewall running while you continue to fine tune, then it is time to fire up your favorite command line editor and make a change in the CSF configuration files.

Switch to the CSF directory and edit the file csf.conf using an editor in your terminal window.

cd /etc/csf

On line 11 change the value of TESTING from 1 to 0. Make sure to save the file afterwards.

TESTING = "0"

Restart CSF and LFD

sudo systemctl restart csf [or] sudo csf -r

sudo systemctl restart lfd [or] sudo csf --lfd restart

Set CSF and LFD to startup at boot time.

systemctl enable csf

systemctl enable lfd
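
Before leaving testing mode, it is worth confirming that the port you use for SSH is in CSF's inbound TCP allow list (the TCP_IN setting in csf.conf), because enforced rules that omit it would cut off your session. The script below is an added example, not part of the original article or of CSF itself: it makes the TESTING change by key name rather than by line number, keeps a backup, and refuses to act when the given SSH port is missing from TCP_IN. The function names, the .bak suffix and the sample file are assumptions.

```shell
#!/bin/sh
# Added example, not shipped with CSF. Function names and paths are assumptions.

# Print the quoted value of KEY from a csf.conf-style file (KEY = "value").
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Succeed if PORT ($1) appears in a CSF port list ($2) such as "22,80,30000:35000".
port_in_list() {
    _old_ifs=$IFS; IFS=,
    _found=1
    for _item in $2; do
        case $_item in
            *:*) if [ "$1" -ge "${_item%%:*}" ] && [ "$1" -le "${_item##*:}" ]; then _found=0; fi ;;
            "$1") _found=0 ;;
        esac
    done
    IFS=$_old_ifs
    return $_found
}

# Set TESTING = "0" in CONF ($1), but only if SSH_PORT ($2) is allowed in TCP_IN.
csf_disable_testing() {
    [ -f "$1" ] || { echo "missing $1" >&2; return 2; }
    if ! port_in_list "$2" "$(csf_get TCP_IN "$1")"; then
        echo "refusing: port $2 is not in TCP_IN" >&2
        return 1
    fi
    cp -p "$1" "$1.bak"    # keep the previous config
    # Match the key exactly so TESTING_INTERVAL is left alone; writing with '>'
    # keeps the original file's owner and permissions.
    sed 's/^\([[:space:]]*TESTING[[:space:]]*=[[:space:]]*\)"[^"]*"/\1"0"/' "$1.bak" > "$1"
    [ "$(csf_get TESTING "$1")" = "0" ]
}

# Demo on a constructed sample file (not a real csf.conf).
demo() {
    _d=$(mktemp -d)
    printf '%s\n' 'TESTING = "1"' 'TESTING_INTERVAL = "5"' \
        'TCP_IN = "20,21,22,80,443"' > "$_d/csf.conf"
    csf_disable_testing "$_d/csf.conf" 22 && csf_get TESTING "$_d/csf.conf"
    rm -rf "$_d"
}
demo
```

On a real server the call would be csf_disable_testing /etc/csf/csf.conf followed by your SSH port, run as root, and then the restart commands above.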

CSF should now be running and protecting your server. We will go into more detail about configuring it to suit your requirements in another article. We will also cover using CSF when running a Control Panel such as Webmin/Virtualmin.