Close this search box.

How to Install CSF (Config Server Firewall) on Debian 12

Table of Contents

Securing your Debian 12 server is paramount in safeguarding your digital assets from potential threats. In this comprehensive guide, we will walk you through the step-by-step process of installing CSF (Config Server Firewall), a powerful tool designed to enhance the security posture of your Debian 12 system. By the end of this tutorial, you’ll have a robust firewall solution in place, fortifying your server against unauthorized access and malicious activity. Let’s dive in and bolster your server’s defenses!



First, let’s begin by creating your VPSie Account if you haven’t already done so, and then proceed to install the Debian 12 server as per your requirements.

What Is CSF Firewall?

CSF stands for ConfigServer Security & Firewall. It’s a popular firewall configuration script created to provide better security for servers while giving an advanced, easy-to-use interface for managing firewall settings. CSF operates as a front end for iptables, the software-based packet filtering framework in Linux. It allows system administrators to easily configure and manage firewall rules, blocklists, and other security features to protect servers from various types of attacks, such as DDoS (Distributed Denial of Service) attacks, brute force attacks, and other malicious activities.



Some key features of CSF include:



Advanced Firewall Configuration: CSF provides an easy-to-use interface to configure iptables rules, allowing administrators to define specific rules for allowing or blocking traffic based on various criteria such as IP address, port number, and protocol.



Intrusion Detection and Prevention: CSF includes features for intrusion detection and prevention, such as login failure detection (brute force protection), connection tracking, and SYN flood protection.



Email Alerts and Notifications: CSF can be configured to send email alerts and notifications when certain firewall events occur, such as a firewall rule being triggered or a potential security threat detected.



IP Blocklists and Whitelists: CSF supports the use of blocklists and whitelists, allowing administrators to block or allow traffic from specific IP addresses or ranges.



Logging and Reporting: CSF logs firewall events and provides reporting features to help administrators monitor and analyze firewall activity.




Overall, CSF is a valuable tool for server administrators looking to enhance the security of their systems by effectively managing firewall settings and implementing additional security measures.



Let’s delve into the installation procedure for CSF on your Debian 12 server.

Update the Debian 12 server

Now access your command terminal either directly or via SSH. Then, execute the system update command to ensure it’s up-to-date:


sudo apt update && sudo apt upgrade

Install dependencies

Prior to installing CSF, it’s essential to confirm that all dependencies are installed. These dependencies typically encompass packages like Perl and iptables. Additionally, if you have another firewall running, such as UFW (Uncomplicated Firewall), you’ll need to disable it beforehand.


Use the following command to install the dependencies required for CSF:

sudo apt install libio-socket-inet6-perl libsocket6-perl sendmail dnsutils unzip libio-socket-ssl-perl libcrypt-ssleay-perl git perl iptables libnet-libidn-perl libwww-perl liblwp-protocol-https-perl libgd-graph-perl


Download and Install CSF

To install CSF (Config Server Firewall) manually, begin by obtaining the CSF source code directly from the source. Utilize the wget command provided below to download the CSF source code.



Please utilize the following tar command to extract the contents of the csf.tgz file.

sudo tar -xvzf csf.tgz


Navigate to the CSF directory and run the script to initiate the installation process.

cd csf; sh


After the installation is finished, confirm it by executing the following command.

perl /usr/local/csf/bin/


Make Sure the output is OK from each test.

Enable CSF Web Interface

Now, we’ll activate the CSF Web interface for monitoring through a web browser. Access the CSF configuration using the Nano editor as shown below.

sudo nano /etc/csf/csf.conf



Please update the values for the following options with your information.


UI = "1"
UI_PORT = "6666"
UI_IP = ""
UI_USER = "username"
UI_PASS = "password"
In the TCP_IN = line add port 6666 at the end
Save the file and exit the editor once you’re done.
Please add your IP address in the /etc/csf/csf.allow and /etc/csf/ui/ui.allow files. This step will grant access to CSF Web UI and the server by whitelisting your public IP address.
Once it is done, execute the command provided to confirm the CSF configuration and then proceed to restart both the CSF and LFD services.
sudo csf -v
sudo csf -ra
Confirm the whitelisted IP addresses on CSF by executing the command provided.
sudo csf -l

Access CSF Web Interface

Please launch your web browser and navigate to the server’s IP address, appending the CSF Web UI port https://{Your-IP}:6666.



Please enter the admin username and password you’ve set up for the file, then press ENTER.

In conclusion, installing CSF on Debian 12 provides a robust firewall solution, enhancing security and fortifying your system against potential threats. With its user-friendly interface and powerful features, CSF offers peace of mind for both novice and experienced users alike. So, follow the steps outlined in this guide and safeguard your Debian 12 system with confidence.

Make a Comment
Share on
VPSie Cloud service

Fast and Secure Cloud VPS Service

For a month

The First 1 orders gets free discount today! Try Sign up on VPSie to get a chance to get the discount.