How to install CSF Firewall in cPanel

In this tutorial we are going to teach you how to install the CSF firewall in your cPanel server. This video was made using a VPS Hosting from Copahost. It works also with dedicated servers using cPanel. VPS Hosting from 3€ - https://www.copahost.com/en/vps-hosting Dedicated servers from 49€ - https://www.copahost.com/en/dedicated-servers This tutorial applies either for VPS servers or for dedicated servers. First of all we're going to open the SSH connection to connect to our server. We are going to use PuTTY which is our favorite SSH client. Open a connection. Let’s login as root. Now we're inside the root server. We're going to the folder usr/src. Afterwards we're going to download CSF from it’s official website. Use this command: # wget https://download.configserver.com/csf.tgz After download let’s expand this. Use this command: # tar -xzf csf.tgz Now we're going to answer the new created csf folder and then we're going to issue the installation. Just # sh install.sh Now the installation is completed. We must perform a test whether we have all the IP tables modules by running this command. # perl /usr/local/csf/bin/csftest.pl It is ok. Csf performed some tests. We have the standard IP tables modules and it resulted. Csf should function on this server. csf is already successfully installed. We're going to WHM inside our cPanel fot we can configure our firewall inside cPanel. Just a note: csf full works in a standard server without cPanel, is not a problem. But csf brings some very nice functions for us to use in cPanel, so very nice too. Inside our WHM, we're going to come to this search (see timecode 4:01) and then type “Firewall”. You'll find these options ConfigServer Security&Firewall. Ok. We're now inside the configuration of csf inside our cPanel, and we must pay attention to this: Firewall status enabled but in Test Mode. What does it means? There will be a crown jar to reset the firewall every five minutes and this is important if we do anything, lets say, if we block any important port it will automatically undo the changes. Afterwards we need to, after finishing the configuration, we need disable the test mode, otherwise the firewall we have no action here. The first configuration is that one (see timecode 5:07). Click in “firewall configuration”. This area is quite big. There are several options. We'll focus just in some of them. Here (see timecode 5:07) is the testing option If we set to 0 csf we're entering production mold and the test mode will be removed. The changes will be in production. So, lets keep this in 0 so that we can enable our firewall. Afterwards we can scroll a little to IPv4 Port and now in this options we have TCP IN and TCP OUT. Here (see timecode 5:59) we must configure all the ports... that we need to allow traffic in, and here are the ports we need to allow traffic out. So lets say you need MySQL to be able to receive remote connections. Keep reading bellow...