{"id":53535,"date":"2026-06-08T14:04:06","date_gmt":"2026-06-08T18:04:06","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/support\/?p=53535"},"modified":"2026-06-09T10:49:02","modified_gmt":"2026-06-09T14:49:02","slug":"install-csf-on-ubuntu","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/","title":{"rendered":"How to Install ConfigServer Security &#038; Firewall (CSF) on Ubuntu"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><strong>ConfigServer Security &amp; Firewall (CSF) <\/strong>is a widely used firewall for Linux VPS and Dedicated Servers. It sits in front of iptables and provides a single configuration file for controlling ports, blocking brute-force login attempts, and whitelisting trusted IPs. This guide covers installing CSF on Ubuntu using the current community-maintained source, so your server is protected before you expose anything publicly.<\/p>\n\n\n\n<p class=\"alert alert-warning wp-block-paragraph\">Way to the Web Ltd, the original developer of CSF, permanently shut down on August 31, 2025, and released the project under the GPLv3 license. The original download host, download.configserver.com, is offline. The community-supported continuation of Ubuntu and other Debian-based servers is the Aetherinox fork, available from download.configserver.dev. cPanel users on WHM and RHEL-based servers have a separate cPanel-maintained fork; this article covers Ubuntu only and applies to the current Ubuntu LTS releases, 22.04 LTS, 24.04 LTS, and 26.04 LTS.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Prerequisites<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An Ubuntu VPS, Dedicated, or Cloud server with root or sudo access.<\/li>\n\n\n\n<li>Basic familiarity with the command line and a working SSH session. See <a href=\"https:\/\/www.inmotionhosting.com\/support\/server\/ssh\/how-to-login-ssh\/\">How to Connect to Your Server with SSH<\/a> if you need help connecting.<\/li>\n\n\n\n<li>Port 22 open and reachable for your current session. You will be restarting the firewall during this process, and locking yourself out of Secure Shell (SSH) is the most common mistake.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Step 1: Install Dependencies<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">CSF relies on several Perl modules and <code>ipset<\/code> for its blocking engine. Installing them first prevents a failed install with cryptic Perl errors.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #B392F0\">sudo<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">apt-get<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">update<\/span><span style=\"color: #E1E4E8\"> &amp;&amp; <\/span><span style=\"color: #B392F0\">sudo<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">apt-get<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">install<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #79B8FF\">-y<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">ipset<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">libcrypt-ssleay-perl<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">libio-socket-inet6-perl<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">libio-socket-ssl-perl<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">libnet-libidn-perl<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">libsocket6-perl<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">perl<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">wget<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">When <code>apt-get<\/code> finishes without errors, you are ready to download CSF.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 2: Download and Extract CSF<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Download the current release tarball from the community source at <code>configserver.dev<\/code>, then extract it.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #B392F0\">wget<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">https:\/\/download.configserver.dev\/csf.tgz<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #B392F0\">tar<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #79B8FF\">-xzf<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">csf.tgz<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p class=\"alert alert-info wp-block-paragraph\"><strong>Tip:<\/strong> If you prefer a one-command install that downloads and runs the installer automatically, use the helper script instead: <code>bash &lt;(wget -qO - https:\/\/get.configserver.dev)<\/code>. This one-liner uses bash process substitution, so run it in a bash shell. The manual steps below give you more control and are recommended for first-time installs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 3: Run the Pre-Install Test<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Before installing, CSF ships a test script that checks whether your kernel supports all the iptables modules it needs. Running it now catches missing modules before they cause problems later.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #79B8FF\">cd<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">csf<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B392F0\">sudo<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">perl<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">csftest.pl<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Review the output. Lines marked <code>FATAL<\/code> mean a required kernel feature is missing, and CSF will not work correctly. Lines marked <code>WARNING<\/code> indicate optional features that are absent but not blocking.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">On a standard Ubuntu VPS or Dedicated Server, you should see no <code>FATAL<\/code> errors. If you do, contact your server provider, because the kernel may need to be rebuilt with the missing module.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 4: Install CSF on Ubuntu<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">With the pre-install test passing, run the installer from inside the <code>csf<\/code> directory.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #B392F0\">sudo<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">sh<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">install.sh<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">The installer copies CSF&#8217;s files to <code>\/etc\/csf\/<\/code> and <code>\/usr\/local\/csf\/<\/code>, installs the <code>csf<\/code> and <code>lfd<\/code> system services, and loads the default iptables rules. When it finishes, you will see a line confirming that CSF and lfd have started.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 5: Configure Allowed Ports<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">CSF starts in testing mode (<code>TESTING = \"1\"<\/code>), which means all iptables rules are flushed every five minutes, so a misconfiguration cannot permanently lock you out. Open <code>\/etc\/csf\/csf.conf<\/code> in your preferred editor and review the port settings before you disable testing mode.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #B392F0\">sudo<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">nano<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">\/etc\/csf\/csf.conf<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">The four key directives are <code>TCP_IN<\/code>, <code>TCP_OUT<\/code>, <code>UDP_IN<\/code>, and <code>UDP_OUT<\/code>. Each is a comma-separated list of ports. A reasonable starting point for a generic Ubuntu server looks like this:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th>Directive<\/th><th>Purpose<\/th><th>Common ports<\/th><\/tr><\/thead><tbody><tr><td><code>TCP_IN<\/code><\/td><td>Inbound TCP connections allowed<\/td><td>22 (SSH), 80 (HTTP), 443 (HTTPS)<\/td><\/tr><tr><td><code>TCP_OUT<\/code><\/td><td>Outbound TCP connections allowed<\/td><td>22, 25, 80, 443, 587, 993, 995<\/td><\/tr><tr><td><code>UDP_IN<\/code><\/td><td>Inbound UDP allowed<\/td><td>53 (DNS, if this server is a resolver)<\/td><\/tr><tr><td><code>UDP_OUT<\/code><\/td><td>Outbound UDP allowed<\/td><td>53 (DNS)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Add mail ports (25, 465, 587, 110, 143, 993, 995) to <code>TCP_IN<\/code> if this server runs a mail service. If you run an FTP server, add ports 20 and 21 to <code>TCP_IN<\/code>, since FTP uses TCP. Add port 3306 to <code>TCP_IN<\/code> only if remote MySQL access is required, and restrict it to trusted IPs in <code>\/etc\/csf\/csf.allow<\/code> rather than opening it to the world.<\/p>\n\n\n\n<p class=\"alert alert-warning wp-block-paragraph\"><strong>Warning:<\/strong> Make sure port 22 remains in <code>TCP_IN<\/code> before you restart CSF. Removing it while connected over SSH will lock you out of your server. If that happens, you will need to access the server through your hosting provider&#8217;s emergency console.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 6: Disable Testing Mode and Start CSF<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Once you are satisfied with your port list, disable testing mode so CSF&#8217;s rules persist across reboots. In <code>\/etc\/csf\/csf.conf<\/code>, find the line:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #E1E4E8\">TESTING = <\/span><span style=\"color: #9ECBFF\">&quot;1&quot;<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Change it to:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #E1E4E8\">TESTING = <\/span><span style=\"color: #9ECBFF\">&quot;0&quot;<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Save the file, then reload CSF to apply all rules and restart the Login Failure Daemon (lfd):<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #B392F0\">sudo<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">csf<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #79B8FF\">-ra<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Confirm both services are running:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #B392F0\">sudo<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">systemctl<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">status<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">csf<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">lfd<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Both should show <code>active (running)<\/code>. With testing mode off and the services confirmed, your firewall rules are now live and persistent across reboots.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configuring the Login Failure Daemon<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The Login Failure Daemon (lfd) is the brute-force protection layer that runs alongside CSF. It scans your authentication logs at regular intervals and temporarily or permanently blocks IP addresses that trigger excessive failed login attempts. On a typical VPS, the default settings work well out of the box, but one value is worth checking: <code>DENY_IP_LIMIT<\/code> in <code>\/etc\/csf\/csf.conf<\/code>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This setting controls how many blocked IPs lfd tracks in memory. On a VPS, a conservative value such as <code>1000<\/code> avoids unnecessary memory use. On a dedicated server with high traffic, <code>15000<\/code> is a reasonable upper bound. Find the directive in <code>csf.conf<\/code> and adjust it to suit your server:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #E1E4E8\">DENY_IP_LIMIT = <\/span><span style=\"color: #9ECBFF\">&quot;1000&quot;<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">To check whether a specific IP is currently blocked, run <code>sudo csf -g &lt;ip-address&gt;<\/code> (replace <code>&lt;ip-address&gt;<\/code> with the actual IP). After any change to <code>csf.conf<\/code>, run <code>sudo csf -ra<\/code> to reload.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Whitelisting Trusted IP Addresses<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">CSF uses two files to exempt IPs from blocking. Understanding which one to use prevents lfd from accidentally blocking your own office IP or a monitoring service.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\/etc\/csf\/csf.allow<\/strong>: IPs listed here bypass all CSF firewall rules entirely. Use this for your own trusted IP addresses, your office range, or any server that must always have access regardless of firewall state.<\/li>\n\n\n\n<li><strong>\/etc\/csf\/csf.ignore<\/strong>: IPs listed here are not tracked by lfd for brute-force detection. Use this for monitoring agents, backup services, or any automated tool that legitimately generates repeated login events.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">To whitelist an IP in <code>csf.allow<\/code>, add one entry per line. You can restrict an entry to a specific protocol and port using the syntax <code>tcp|in|d=22|s=&lt;trusted-ip&gt;<\/code> (replace <code>&lt;trusted-ip&gt;<\/code> with the actual IP address). To allow all traffic from an IP unconditionally, add just the IP address on its own line:<\/p>\n\n\n\n<pre class=\"wp-block-code has-e-1-e-4-e-8-color has-text-color has-1-rem-font-size\"><code>192.0.2.10<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">After editing either file, reload CSF with <code>sudo csf -ra<\/code>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Troubleshooting<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">CSF install fails with Perl module errors<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The installer requires the Perl modules listed in Step 1. If you see errors like <code>Can't locate Net\/LibIDN.pm<\/code>, re-run the <code>apt-get install<\/code> command from Step 1, then retry the install. If a module still cannot be found, run <code>sudo apt-get update<\/code> first to refresh your package list.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">csftest.pl reports FATAL errors<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">A <code>FATAL<\/code> result means the running kernel is missing a required iptables module. On a VPS this usually means the hypervisor&#8217;s kernel does not expose that module to your container. Contact <a href=\"https:\/\/www.inmotionhosting.com\/solutions\/inmotion-solutions\">InMotion Solutions<\/a> or your VPS provider&#8217;s support team to request a kernel that includes the missing module, or ask whether it can be loaded as a kernel extension.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">I am locked out of SSH after restarting CSF<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">If you accidentally removed port 22 from <code>TCP_IN<\/code> before reloading CSF, use your hosting provider&#8217;s out-of-band console to connect without SSH. For InMotion Hosting VPS customers, this is the VPS Manager console in AMP at <a href=\"https:\/\/secure1.inmotionhosting.com\/amp\">secure1.inmotionhosting.com\/amp<\/a>. Once logged in, edit <code>\/etc\/csf\/csf.conf<\/code> to add 22 back to <code>TCP_IN<\/code>, then run <code>sudo csf -ra<\/code>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">lfd blocks a legitimate IP repeatedly<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Add the IP to <code>\/etc\/csf\/csf.ignore<\/code> so lfd stops tracking it. If the IP also needs to bypass firewall rules, add it to <code>\/etc\/csf\/csf.allow<\/code> as well. Reload with <code>sudo csf -ra<\/code> after either change.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The wget download fails or returns a 404<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The original <code>download.configserver.com<\/code> domain is permanently offline. Make sure your download command points to <code>https:\/\/download.configserver.dev\/csf.tgz<\/code> as shown in Step 2. If that URL also becomes unavailable, check the project repository at <a href=\"https:\/\/github.com\/Aetherinox\/csf-firewall\">github.com\/Aetherinox\/csf-firewall<\/a> for the latest release location.<\/p>\n\n\n<div class=\"jumbotron\">\r\n<p style=\"font-size: 20px;\"><strong>Bare Metal Servers for Maximum Performance<\/strong><\/p>\r\n<p>Get direct hardware access without virtualization overhead. Bare metal servers deliver the highest performance for demanding applications.<\/p>\r\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/design.inmotionhosting.com\/assets\/icons\/standard\/check-blue.svg\" alt=\"check mark\" width=\"24\" height=\"24\" \/>Hardware That's Entirely Yours<br><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/design.inmotionhosting.com\/assets\/icons\/standard\/check-blue.svg\" alt=\"check mark\" width=\"24\" height=\"24\" \/>Raw Server Performance<br>\r\n\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/design.inmotionhosting.com\/assets\/icons\/standard\/check-blue.svg\" alt=\"check mark\" width=\"24\" height=\"24\" \/>Complete Customization Freedom<\/p>\r\n<p><a class=\"btn btn-primary btn-lg\" href=\"https:\/\/www.inmotionhosting.com\/bare-metal-servers?mktgp=t&irgwc=1&affiliates=5001860&utm_campaign=Jumbotron&utm_source=supportcenter&utm_medium=cta&utm_term=bare-metal-cta1\">Bare Metal Servers<\/a><\/p>\r\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Your Ubuntu server now has CSF installed and running from the current community-maintained source at <code>configserver.dev<\/code>, with testing mode disabled, your ports tuned to your workload, lfd watching for brute-force attempts, and trusted IPs whitelisted. A natural next step is hardening your SSH configuration: key-based authentication, a non-default port, and <code>PermitRootLogin no<\/code> in <code>\/etc\/ssh\/sshd_config<\/code> will make lfd&#8217;s job significantly easier. If you need hands-on help with server security or CSF configuration, the <a href=\"https:\/\/www.inmotionhosting.com\/solutions\/inmotion-solutions\">InMotion Solutions team<\/a> is available to assist.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ConfigServer Security &amp; Firewall (CSF) is a widely used firewall for Linux VPS and Dedicated Servers. It sits in front of iptables and provides a single configuration file for controlling ports, blocking brute-force login attempts, and whitelisting trusted IPs. This guide covers installing CSF on Ubuntu using the current community-maintained source, so your server is<a class=\"moretag\" href=\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/\"> Read More ><\/a><\/p>\n","protected":false},"author":57032,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[4299],"tags":[],"class_list":["post-53535","post","type-post","status-publish","format-standard","hentry","category-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Install CSF on Ubuntu | InMotion Hosting<\/title>\n<meta name=\"description\" content=\"Learn how to install ConfigServer Security &amp; Firewall (CSF) on Ubuntu to manage iptables and protect your server against brute-force attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Install CSF on Ubuntu | InMotion Hosting\" \/>\n<meta property=\"og:description\" content=\"Learn how to install ConfigServer Security &amp; Firewall (CSF) on Ubuntu to manage iptables and protect your server against brute-force attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/\" \/>\n<meta property=\"og:site_name\" content=\"InMotion Hosting Support Center\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inmotionhosting\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-08T18:04:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-09T14:49:02+00:00\" \/>\n<meta name=\"author\" content=\"Derrell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@InMotionHosting\" \/>\n<meta name=\"twitter:site\" content=\"@InMotionHosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Derrell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/security\\\/install-csf-on-ubuntu\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/security\\\/install-csf-on-ubuntu\\\/\"},\"author\":{\"name\":\"Derrell\",\"@id\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/#\\\/schema\\\/person\\\/0736f70b4077032374f89709cdc255b7\"},\"headline\":\"How to Install ConfigServer Security &#038; Firewall (CSF) on Ubuntu\",\"datePublished\":\"2026-06-08T18:04:06+00:00\",\"dateModified\":\"2026-06-09T14:49:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/security\\\/install-csf-on-ubuntu\\\/\"},\"wordCount\":1330,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/#organization\"},\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/security\\\/install-csf-on-ubuntu\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/security\\\/install-csf-on-ubuntu\\\/\",\"url\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/security\\\/install-csf-on-ubuntu\\\/\",\"name\":\"How to Install CSF on Ubuntu | InMotion Hosting\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/#website\"},\"datePublished\":\"2026-06-08T18:04:06+00:00\",\"dateModified\":\"2026-06-09T14:49:02+00:00\",\"description\":\"Learn how to install ConfigServer Security & Firewall (CSF) on Ubuntu to manage iptables and protect your server against brute-force attacks.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/security\\\/install-csf-on-ubuntu\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/security\\\/install-csf-on-ubuntu\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/security\\\/install-csf-on-ubuntu\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Install ConfigServer Security &#038; Firewall (CSF) on Ubuntu\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/#website\",\"url\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/\",\"name\":\"InMotion Hosting Support Center\",\"description\":\"Web Hosting Support &amp; Tutorials\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/#organization\",\"name\":\"InMotion Hosting\",\"url\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/inmotion-hosting-logo-yoast.jpg\",\"contentUrl\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/inmotion-hosting-logo-yoast.jpg\",\"width\":696,\"height\":696,\"caption\":\"InMotion Hosting\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/inmotionhosting\\\/\",\"https:\\\/\\\/x.com\\\/InMotionHosting\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/#\\\/schema\\\/person\\\/0736f70b4077032374f89709cdc255b7\",\"name\":\"Derrell\",\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/in\\\/derrell-willis\"],\"url\":\"https:\\\/\\\/www.inmotionhosting.com\\\/support\\\/author\\\/derrellw\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Install CSF on Ubuntu | InMotion Hosting","description":"Learn how to install ConfigServer Security & Firewall (CSF) on Ubuntu to manage iptables and protect your server against brute-force attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/","og_locale":"en_US","og_type":"article","og_title":"How to Install CSF on Ubuntu | InMotion Hosting","og_description":"Learn how to install ConfigServer Security & Firewall (CSF) on Ubuntu to manage iptables and protect your server against brute-force attacks.","og_url":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/","og_site_name":"InMotion Hosting Support Center","article_publisher":"https:\/\/www.facebook.com\/inmotionhosting\/","article_published_time":"2026-06-08T18:04:06+00:00","article_modified_time":"2026-06-09T14:49:02+00:00","author":"Derrell","twitter_card":"summary_large_image","twitter_creator":"@InMotionHosting","twitter_site":"@InMotionHosting","twitter_misc":{"Written by":"Derrell","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/#article","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/"},"author":{"name":"Derrell","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/0736f70b4077032374f89709cdc255b7"},"headline":"How to Install ConfigServer Security &#038; Firewall (CSF) on Ubuntu","datePublished":"2026-06-08T18:04:06+00:00","dateModified":"2026-06-09T14:49:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/"},"wordCount":1330,"commentCount":0,"publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"articleSection":["Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/","url":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/","name":"How to Install CSF on Ubuntu | InMotion Hosting","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#website"},"datePublished":"2026-06-08T18:04:06+00:00","dateModified":"2026-06-09T14:49:02+00:00","description":"Learn how to install ConfigServer Security & Firewall (CSF) on Ubuntu to manage iptables and protect your server against brute-force attacks.","breadcrumb":{"@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inmotionhosting.com\/support\/"},{"@type":"ListItem","position":2,"name":"How to Install ConfigServer Security &#038; Firewall (CSF) on Ubuntu"}]},{"@type":"WebSite","@id":"https:\/\/www.inmotionhosting.com\/support\/#website","url":"https:\/\/www.inmotionhosting.com\/support\/","name":"InMotion Hosting Support Center","description":"Web Hosting Support &amp; Tutorials","publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.inmotionhosting.com\/support\/#organization","name":"InMotion Hosting","url":"https:\/\/www.inmotionhosting.com\/support\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/","url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","contentUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","width":696,"height":696,"caption":"InMotion Hosting"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inmotionhosting\/","https:\/\/x.com\/InMotionHosting"]},{"@type":"Person","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/0736f70b4077032374f89709cdc255b7","name":"Derrell","sameAs":["https:\/\/www.linkedin.com\/in\/derrell-willis"],"url":"https:\/\/www.inmotionhosting.com\/support\/author\/derrellw\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"primary_category":{"id":4299,"name":"Security","slug":"security","link":"https:\/\/www.inmotionhosting.com\/support\/security\/"},"_links":{"self":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/53535","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/users\/57032"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/comments?post=53535"}],"version-history":[{"count":14,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/53535\/revisions"}],"predecessor-version":[{"id":132406,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/53535\/revisions\/132406"}],"wp:attachment":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/media?parent=53535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/categories?post=53535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/tags?post=53535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}