CSF (or Config Server Firewall) offers several advantages over the APF (Advanced Policy Firewall), including more robust protection against Denial of Service, SYN flood and other common attacks. One of its most appealing features is its plugin for WebHost Manager that allows you to quickly access firewall settings and common tasks through a graphical interface.
- These instructions are intended specifically for opening (and closing) ports in the CSF firewall via WHM on a VPS server or Dedicated server.
- If you want to open or close a port in APF or CSF from the command line over SSH, see How to Open Ports in Your Firewall.
- If your server currently uses APF but you’d prefer CSF, contact Heroic Support® and request a switch. There is no charge, it typically takes only a few minutes, and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.
Step #1: Open the Firewall Management Page
- Once logged in to WHM, you will find the CSF interface under the Plugins section in the left menu.
- Click on ConfigServer Security & Firewall or begin typing “firewall” into WHM’s search box at the top left to quickly locate the link.
Step #2: Open Firewall Settings
- On the ConfigServer Security & Firewall page, click the Firewall Configuration button to enter advanced settings.
Step #3: Manage Ports
- On the Firewall Configuration screen, scroll down to the IPv4 Port Settings section.
- You will be editing the fields in the Allow incoming TCP ports and Allow outgoing TCP ports sections.
- To allow incoming connections to a port, add the number to the TCP_IN = field.
- To block incoming connections to a port, remove the port number from the TCP_IN = field.
- To allow outgoing connections from a port, add the port number to the TCP_OUT = field.
- To block outgoing connections from a port, remove the port number from the TCP_OUT = field.
Step #4: Save Changes and Restart the Firewall
- Scroll all the way to the bottom of the Firewall Configuration page and click the Change button to save the settings.
- After saving the settings, you will be given the option of restarting the firewall or returning to the settings page to continue editing. Since your changes will not take effect until the firewall is restarted, you will need to click the Restart csf+lfd button to apply the new settings.
Tip: Also Check Your Cloud® Firewall Settings
Cloud Dedicated and VPS customers also have access to a separate Firewall in Manage.
If you are using the Cloud-based Firewall and have configured it to use advanced settings, you will want to ensure that the ports you’ve changed in WHM also are changed there.
- You can access your Cloud Firewall settings from Manage. After clicking on your server name, navigate to the Network section and select the Firewall tab.
- If it’s active and using advanced settings, you will need to replicate your port rule in the Cloud Firewall interface to ensure traffic can reach the port.
- Find more information and detailed instructions for managing the Cloud Firewall at How to Configure a Cloud Firewall.
Find Detailed Information in Our Knowledge Base
To learn how to unblock an IP address via the command line, visit:
- How to Unblock an IP Address in CSF
- How to Unblock an IP Address in APF
- For general information on APF, visit How to Manage the APF Firewall.
- And to open (and close) ports, check out How to Open Ports in the Firewall.