DebianDebian Based

How To Install CSF Firewall on Debian 12

Install CSF Firewall on Debian 12

In this tutorial, we will show you how to install CSF Firewall on Debian 12. Firewalls are the first line of defense in network security. They control incoming and outgoing network traffic based on predetermined security rules. Among the various firewall solutions for Linux systems, CSF (Config Server Firewall) stands out for its ease of use and rich feature set. CSF is a popular Stateful Packet Inspection (SPI) firewall that leverages iptables, providing an intuitive way to secure your Debian 12 servers.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Percona Server on a Debian 12 (Bookworm).


  • A server running one of the following operating systems: Debian 12 (Bookworm).
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for CSF Firewall.
  • A user account with sudo privileges to execute administrative commands.

Install CSF Firewall on Debian 12 Bookworm

Step 1. Begin by updating your system’s package repository to ensure all your software is up to date. This can be done by executing the following command:

sudo apt update
sudo apt upgrade

If UFW is installed and running on your system, it‘s essential to disable it to prevent any interference with CSF:

sudo ufw disable

Step 2. Installing Required Dependencies.

Now we install the necessary dependencies including iptables, perl, and other required Perl modules to ensure CSF can run without issues.

sudo apt install iptables perl libwww-perl liblwp-protocol-https-perl

Step 3. Installing CSF (Config Server Firewall) on Debian 12.

With the prerequisites in place, the next step is to download the CSF package. The package can be obtained directly from the official ConfigServer website using the wget command. Once downloaded, you’ll need to extract the contents of the tarball for installation:

cd /usr/src
sudo wget
sudo tar -xvzf csf.tgz

Navigate to the CSF directory and execute the installer script:

cd csf
sudo sh

Before proceeding with the configuration, it’s wise to test the CSF installation to ensure that all necessary iptables modules are available and functioning correctly. CSF provides a script named for this purpose:

sudo perl /usr/local/csf/bin/

This script will check for the presence of required modules and report any issues. A successful test indicates that CSF is ready for configuration.

Step 4. Configuring CSF.

Configuration of CSF is handled through the csf.conf file located in /etc/csf/csf.conf. Initially, CSF is in “testing” mode, which means it won’t actively block traffic. To enable CSF, you’ll need to edit this file and set TESTING to “0”:

sudo nano /etc/csf/csf.conf

Find the line containing TESTING = "1" and change it to TESTING = "0". Additionally, you can adjust other settings within this file to tailor CSF to your environment‘s specific needs. After making changes, apply them by restarting CSF:

csf -r

Step 5. Testing and Verification.

Ensure your firewall rules are working as expected. Verify that CSF and LFD services are active and running without errors. Check logs for any issues:

sudo systemctl status csf lfd

Step 5. Managing CSF via CLI.

CSF offers a variety of commands for managing the firewall directly from the CLI. These commands allow you to start, enable, stop, and restart the CSF service, as well as manage firewall rules. Some basic commands include:

  • sudo csf -s: Start the firewall rules.
  • sudo csf -f: Flush/stop firewall rules.
  • sudo csf -r: Restart the firewall rules.

Step 6. Enabling CSF Web UI.

To enable the CSF (Config Server Firewall) Web UI on Debian 12, you need to follow a series of steps that involve editing configuration files and restarting services. The Web UI allows for easier management of the firewall through a web browser interface.

You need to edit the CSF configuration file to enable the Web UI feature:

sudo nano /etc/csf/csf.conf

In the configuration file, find and change the following settings to enable the Web UI and set your desired port, IP address, username, and password:

UI = "1"
UI_PORT = "<desired_port>"
UI_IP = "<your_server_ip>"
UI_USER = "<desired_username>"
UI_PASS = "<strong_password>"

Replace <desired_port>, <your_server_ip>, <desired_username>, and <strong_password> with your actual port number, server IP, username, and a strong password.

After making the changes, restart the CSF and LFD (Login Failure Daemon) services to apply the new configuration:

sudo csf -ra

Step 7. Access the CSF Web UI.

Open your web browser and navigate to your server’s IP address followed by the CSF Web UI port you set earlier (e.g., https://<server-ip>:<CSF-UI-port>). You should be prompted with a login page where you can enter the username and password you set in the configuration file

Congratulations! You have successfully installed the CSF Firewall. Thanks for using this tutorial to install the latest version of the CSF (Config Server Firewall) on Debian 12 Bookworm. For additional help or useful information, we recommend you check the official CSF Firewall website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!


r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Back to top button