How to Open a Port in CSF with WHM/cPanel

Posted on by dpepper
Reading Time: 3 minutes

CSF (or Config Server Firewall) offers several advantages over the APF (Advanced Policy Firewall), including more robust protection against Denial of Service, SYN flood and other common attacks. One of its most appealing features is its plugin for WebHost Manager that allows you to quickly access firewall settings and common tasks through a graphical interface.

Preflight Check

  • These instructions are intended specifically for opening (and closing) ports in the CSF firewall via WHM on a VPS server or Dedicated server.
  • If you want to open or close a port in APF or CSF from the command line over SSH, see How to Open Ports in Your Firewall.
  • If your server currently uses APF but you’d prefer CSF, contact Heroic Support® and request a switch. There is no charge, it typically takes only a few minutes, and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.

Step #1: Open the Firewall Management Page

  1. Once logged in to WHM, you will find the CSF interface under the Plugins section in the left menu.
  2. Click on ConfigServer Security & Firewall or begin typing “firewall” into WHM’s search box at the top left to quickly locate the link.

Step #2: Open Firewall Settings

  1. On the ConfigServer Security & Firewall page, click the Firewall Configuration button to enter advanced settings.


Step #3: Manage Ports

    1. On the Firewall Configuration screen, scroll down to the IPv4 Port Settings section.
    2. You will be editing the fields in the Allow incoming TCP ports and Allow outgoing TCP ports sections.


    • To allow incoming connections to a port, add the number to the TCP_IN = field.
    • To block incoming connections to a port, remove the port number from the TCP_IN = field.
    • To allow outgoing connections from a port, add the port number to the TCP_OUT = field.
    • To block outgoing connections from a port, remove the port number from the TCP_OUT = field.

Step #4: Save Changes and Restart the Firewallrestartcsf

  1. Scroll all the way to the bottom of the Firewall Configuration page and click the Change button to save the settings.
  2. After saving the settings, you will be given the option of restarting the firewall or returning to the settings page to continue editing. Since your changes will not take effect until the firewall is restarted, you will need to click the Restart csf+lfd button to apply the new settings.

Tip: Also Check Your Cloud® Firewall Settings

Cloud Dedicated and VPS customers also have access to a separate Firewall in Manage.

If you are using the Cloud-based Firewall and have configured it to use advanced settings, you will want to ensure that the ports you’ve changed in WHM also are changed there.

  1. You can access your Cloud Firewall settings from Manage. After clicking on your server name, navigate to the Network section and select the Firewall tab.
  2. If it’s active and using advanced settings, you will need to replicate your port rule in the Cloud Firewall interface to ensure traffic can reach the port.
  3. Find more information and detailed instructions for managing the Cloud Firewall at How to Configure a Cloud Firewall.

Find Detailed Information in Our Knowledge Base

To learn how to unblock an IP address via the command line, visit:


About the Author: dpepper

Have Some Questions?

Our Sales and Support teams are available 24 hours by phone or e-mail to assist.


Latest Articles

Cloudstack vs OpenStack: Which is Right For You?

Read Article

Cloning an Existing Virtual Machine with VMware

Read Article

Five Steps to Create a Robots.txt File for Your Website

Read Article

Premium Business Email Pricing FAQ

Read Article

Microsoft Exchange Server Security Update

Read Article