CSF Installation (Linux VPS/Cloud)

In order to install CSF (Firewall) to an OpenVZ container (Linux VPS), you will need to follow the tutorial on the page below:


To do that, you will need to login via SSH to the VPS and execute the commands listed in the link above.

Because of the OpenVZ hardware node it is possible that you will encounter the following errors after the installation and running the iptables modules check:

# perl /usr/local/csf/bin/csftest.pl

"FATAL: Could not load /lib/modules/2.6.32-042stab093.5/modules.dep"

To resolve this problem the following four steps need to be executed from your end:

  1. Create the path (directory) that the service can't find:

# mkdir -p /lib/modules/2.6.32-042stab093.5

("2.6.32-042stab093.5" this part could be different, just copy it from the error message)

  1. Regenerate the missing modules:

# depmod -a

  1. Restart the CSF (Firewall) service, so the changes will take effect:

# csf -r

  1. Test the modules and service again using the pearl script:

# perl /usr/local/csf/bin/csftest.pl

If everything is done correctly no errors should appear and you will get a message that the service is running properly on the VPS.

  1. Next step is to configure the firewall to your liking, to do that you need to go to the CSF Configuration directory /etc/csf/ and edit the file csf.conf with with any text editor:

# nano /etc/csf/csf.conf

  1. By default CSF allows incoming and outgoing traffic for the SSH standard port 22, if you use a different SSH port (for example 2222) then please add your port to the configuration in line 139 TCP\_IN, it will look something like this:

TCP\_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"

  1. Whenever you are altering the settings in csf.conf, you should save the files and restart CSF in order for the changes to take effect.

Once you are ready with the configuration, close the file by pressing Ctrl + X. When you are asked whether to save the changes or not, press Y to save the changes.

  1. After this, you should apply the changes by restarting CSF with command:

# csf -r

  1. If everything went like planned, and you are still able to access the server, open the configuration file once more:

# nano /etc/csf/csf.conf

Change the setting TESTING at the beginning of the configuration file to 0 as shown below:


  1. Save the file, and apply the changes with command:

# csf -r