CSF (ConfigServer Security & Firewall) is the default firewall that comes with CentOS Web Panel. As of writing this article, CSF is installed but it’s not enabled.
For more information about CSF please visit the official web page.
When logging in to CWP you will see a warning:
Message id [8dfeb6386ed1dfa9aee22f447e45e544]: === SECURITY WARNING === CSF/LFD Firewall is NOT enabled on your server, click here to enable it!
To enable the firewall on CWP, follow the steps:
- Go to your CWP installation and log in as root
- Navigate to Security->Firewall Manager
- Click the Enable Firewall button. You will see a log like:
.... Mar 26 12:20:13 cwp1 systemd[1]: Starting ConfigServer Firewall & Security - lfd... Mar 26 12:20:14 cwp1 systemd[1]: PID file /var/run/lfd.pid not readable (yet?) after start. Mar 26 12:20:14 cwp1 systemd[1]: Started ConfigServer Firewall & Security - lfd. csf and lfd have been enabled
- Now csf and lfd (Login Failure Daemon) have been enabled. (you can now close the warning message from the CWP Dashboard)
You can also enable CSF via the command line. Use csf -e command:
[root@cwp1 ~]# csf -e
By default, the open ports are:
TCP
IN: 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 2030, 2031, 2082, 2083, 2086, 2087, 2095, 2096
OUT: 20, 21, 22, 25, 53, 80, 110, 113, 443, 2030, 2031, 2082, 2083, 2086, 2087, 2095, 2096, 587, 993, 995
UDP
IN: 20, 21, 53
OUT: 20, 21, 53, 113, 123
The movie tutorial for this KB article: