CSF Configuration for cPanel

My CSF configuration

TESTING = "0"
TESTING_INTERVAL = "5"
RESTRICT_SYSLOG = "3"
RESTRICT_SYSLOG_GROUP = "mysyslog"
RESTRICT_UI = "1"
AUTO_UPDATES = "1"
LF_SPI = "1"
TCP_IN = "20,21,49152:65534,25,53,80,110,143,443,465,587,993,995,2083,2096"
TCP_OUT = "20,21,23,25,37,43,80,110,113,143,443,587,873,995,2089,8081,26,465,993,3306,8080"
UDP_IN = "20,21,53"
UDP_OUT = "20,21,53,113,123,873,6277,24441"
ICMP_IN = "1"
ICMP_IN_RATE = "1/s"
ICMP_OUT = "1"
ICMP_OUT_RATE = "0"
ICMP_TIMESTAMPDROP = "0"
IPV6 = "0"
IPV6_ICMP_STRICT = "0"
IPV6_SPI = "1"
TCP6_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096"
TCP6_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,993,995,2086,2087,2089,2703"
UDP6_IN = "20,21,53"
UDP6_OUT = "20,21,53,113,123,873,6277,24441"
ETH_DEVICE = ""
ETH6_DEVICE = ""
ETH_DEVICE_SKIP = ""
USE_CONNTRACK = "1"
USE_FTPHELPER = "0"
SYSLOG_CHECK = "900"
RELAYHOSTS = "1"
IGNORE_ALLOW = "0"
DNS_STRICT = "0"
DNS_STRICT_NS = "0"
DENY_IP_LIMIT = "200"
DENY_TEMP_IP_LIMIT = "300"
LF_DAEMON = "1"
LF_CSF = "1"
FASTSTART = "1"
LF_IPSET = "0"
WAITLOCK = "0"
WAITLOCK_TIMEOUT = "300"
LF_IPSET_HASHSIZE = "1024"
LF_IPSET_MAXELEM = "65536"
LFDSTART = "0"
VERBOSE = "1"
PACKET_FILTER = "1"
LF_LOOKUPS = "0"
STYLE_CUSTOM = "1"
STYLE_MOBILE = "1"
SMTP_BLOCK = "1"
SMTP_ALLOWLOCAL = "1"
SMTP_REDIRECT = "0"
SMTP_PORTS = "25,465,587"
SMTP_ALLOWUSER = "cpanel"
SMTP_ALLOWGROUP = "mail,mailman"
SMTPAUTH_RESTRICT = "0"
SYNFLOOD = "0"
SYNFLOOD_RATE = "100/s"
SYNFLOOD_BURST = "150"
CONNLIMIT = "21;5,25;8,587;8,465;5,80;50,443;50,110;10,143;20,993;30,995;30,2082;5,2083;20,2095;10,2096;30"
PORTFLOOD = ""
UDPFLOOD = "0"
UDPFLOOD_LIMIT = "100/s"
UDPFLOOD_BURST = "500"
UDPFLOOD_ALLOWUSER = "named"
SYSLOG = "1"
DROP = "DROP"
DROP_OUT = "REJECT"
DROP_LOGGING = "1"
DROP_IP_LOGGING = "0"
DROP_OUT_LOGGING = "1"
DROP_UID_LOGGING = "1"
DROP_ONLYRES = "0"
DROP_NOLOG = "23,67,68,111,113,135:139,445,500,513,520"
DROP_PF_LOGGING = "0"
CONNLIMIT_LOGGING = "1"
UDPFLOOD_LOGGING = "1"
LOGFLOOD_ALERT = "1"
LF_ALERT_TO = ""
LF_ALERT_FROM = ""
LF_ALERT_SMTP = ""
BLOCK_REPORT = ""
UNBLOCK_REPORT = ""
X_ARF = "0"
X_ARF_FROM = ""
X_ARF_TO = ""
X_ARF_ABUSE = "0"
LF_PERMBLOCK = "1"
LF_PERMBLOCK_INTERVAL = "86400"
LF_PERMBLOCK_COUNT = "4"
LF_PERMBLOCK_ALERT = "1"
LF_NETBLOCK = "0"
LF_NETBLOCK_INTERVAL = "86400"
LF_NETBLOCK_COUNT = "4"
LF_NETBLOCK_CLASS = "C"
LF_NETBLOCK_ALERT = "1"
LF_NETBLOCK_IPV6 = ""
SAFECHAINUPDATE = "0"
DYNDNS = "0"
DYNDNS_IGNORE = "0"
LF_GLOBAL = "86400"
GLOBAL_ALLOW = ""
GLOBAL_DENY = "https://your_domain/csf_blacklist.txt"
GLOBAL_IGNORE = ""
GLOBAL_DYNDNS = ""
GLOBAL_DYNDNS_INTERVAL = "600"
GLOBAL_DYNDNS_IGNORE = "0"
LF_BOGON_SKIP = ""
URLGET = "2"
URLPROXY = ""
CC_DENY = ""
CC_ALLOW = ""
CC_ALLOW_FILTER = ""
CC_ALLOW_PORTS = ""
CC_ALLOW_PORTS_TCP = ""
CC_ALLOW_PORTS_UDP = ""
CC_DENY_PORTS = ""
CC_DENY_PORTS_TCP = ""
CC_DENY_PORTS_UDP = ""
CC_IGNORE = ""
CC_ALLOW_SMTPAUTH = ""
CC_DROP_CIDR = ""
CC_LOOKUPS = "1"
CC6_LOOKUPS = "0"
CC_INTERVAL = "7"
LF_TRIGGER = "0"
LF_TRIGGER_PERM = "900"
LF_SELECT = "1"
LF_EMAIL_ALERT = "1"
LF_SSHD = "5"
LF_SSHD_PERM = "86400"
LF_FTPD = "20"
LF_FTPD_PERM = "1800"
LF_SMTPAUTH = "20"
LF_SMTPAUTH_PERM = "1800"
LF_EXIMSYNTAX = "10"
LF_EXIMSYNTAX_PERM = "1800"
LF_POP3D = "30"
LF_POP3D_PERM = "1800"
LF_IMAPD = "30"
LF_IMAPD_PERM = "1800"
LF_HTACCESS = "0"
LF_HTACCESS_PERM = "300"
LF_CPANEL = "5"
LF_CPANEL_PERM = "1800"
LF_MODSEC = "5"
LF_MODSEC_PERM = "600"
LF_BIND = "0"
LF_BIND_PERM = "1"
LF_SUHOSIN = "0"
LF_SUHOSIN_PERM = "1"
LF_CXS = "0"
LF_CXS_PERM = "1"
LF_QOS = "0"
LF_QOS_PERM = "1"
LF_SYMLINK = "0"
LF_SYMLINK_PERM = "1"
LF_WEBMIN = "0"
LF_WEBMIN_PERM = "1"
LF_SSH_EMAIL_ALERT = "0"
LF_SU_EMAIL_ALERT = "0"
LF_WEBMIN_EMAIL_ALERT = "0"
LF_CONSOLE_EMAIL_ALERT = "0"
LF_APACHE_404 = "60"
LF_APACHE_404_PERM = "1800"
LF_APACHE_403 = "60"
LF_APACHE_403_PERM = "600"
LF_APACHE_401 = "10"
LF_APACHE_401_PERM = "600"
LF_APACHE_ERRPORT = "0"
LF_CPANEL_ALERT = "1"
LF_CPANEL_ALERT_ACTION = ""
LF_CPANEL_ALERT_USERS = "root"
LF_CPANEL_BANDMIN = "0"
LF_SCRIPT_ALERT = "1"
LF_SCRIPT_LIMIT = "200"
LF_SCRIPT_ACTION = ""
LF_SCRIPT_PERM = "0"
LF_QUEUE_ALERT = "2000"
LF_QUEUE_INTERVAL = "300"
LF_MODSECIPDB_ALERT = "1"
LF_MODSECIPDB_FILE = "/var/cpanel/secdatadir/ip.pag"
LF_EXPLOIT = "300"
LF_EXPLOIT_IGNORE = ""
LF_INTERVAL = "1800"
LF_PARSE = "5"
LF_FLUSH = "3600"
LF_REPEATBLOCK = "0"
LF_BLOCKINONLY = "1"
CF_ENABLE = "0"
CF_CPANEL = ""
CF_BLOCK = "block"
CF_TEMP = "3600"
LF_DIRWATCH = "300"
LF_DIRWATCH_DISABLE = "0"
LF_DIRWATCH_FILE = "0"
LF_INTEGRITY = "0"
LF_DISTATTACK = "0"
LF_DISTATTACK_UNIQ = "2"
LF_DISTFTP = "5"
LF_DISTFTP_UNIQ = "3"
LF_DISTFTP_PERM = "3600"
LF_DISTFTP_ALERT = "1"
LF_DISTSMTP = "5"
LF_DISTSMTP_UNIQ = "3"
LF_DISTSMTP_PERM = "3600"
LF_DISTSMTP_ALERT = "1"
LF_DIST_INTERVAL = "300"
LF_DIST_ACTION = ""
LT_POP3D = "0"
LT_IMAPD = "0"
LT_EMAIL_ALERT = "1"
LT_SKIPPERMBLOCK = "1"
RT_RELAY_ALERT = "1"
RT_RELAY_LIMIT = "100"
RT_RELAY_BLOCK = "0"
RT_AUTHRELAY_ALERT = "1"
RT_AUTHRELAY_LIMIT = "200"
RT_AUTHRELAY_BLOCK = "900"
RT_POPRELAY_ALERT = "1"
RT_POPRELAY_LIMIT = "100"
RT_POPRELAY_BLOCK = "0"
RT_LOCALRELAY_ALERT = "1"
RT_LOCALRELAY_LIMIT = "100"
RT_LOCALHOSTRELAY_ALERT = "1"
RT_LOCALHOSTRELAY_LIMIT = "100"
RT_ACTION = ""
CT_LIMIT = "50"
CT_INTERVAL = "30"
CT_EMAIL_ALERT = "1"
CT_PERMANENT = "0"
CT_BLOCK_TIME = "300"
CT_SKIP_TIME_WAIT = "1"
CT_STATES = "SYN_RECV"
CT_PORTS = ""
PT_LIMIT = "300"
PT_INTERVAL = "60"
PT_SKIP_HTTP = "0"
PT_ALL_USERS = "1"
PT_DELETED = "0"
PT_DELETED_ACTION = ""
PT_USERPROC = "25"
PT_USERMEM = "0"
PT_USERRSS = "0"
PT_USERTIME = "1800"
PT_USERKILL = "1"
PT_USERKILL_ALERT = "1"
PT_USER_ACTION = ""
PT_LOAD = "60"
PT_LOAD_AVG = "5"
PT_LOAD_LEVEL = "20"
PT_LOAD_SKIP = "3600"
PT_APACHESTATUS = "http://127.0.0.1/whm-server-status"
PT_LOAD_ACTION = ""
PT_FORKBOMB = "0"
PT_SSHDKILL = "0"
PT_SSHDHUNG = "0"
PS_INTERVAL = "0"
PS_LIMIT = "10"
PS_PORTS = "0:65535,ICMP"
PS_DIVERSITY = "1"
PS_PERMANENT = "0"
PS_BLOCK_TIME = "3600"
PS_EMAIL_ALERT = "1"
UID_INTERVAL = "0"
UID_LIMIT = "10"
UID_PORTS = "0:65535,ICMP"
AT_ALERT = "2"
AT_INTERVAL = "60"
AT_NEW = "1"
AT_OLD = "1"
AT_PASSWD = "1"
AT_UID = "1"
AT_GID = "1"
AT_DIR = "1"
AT_SHELL = "1"
UI = "0"
UI_PORT = "6666"
UI_IP = ""
UI_USER = "username"
UI_PASS = "password"
UI_TIMEOUT = "300"
UI_CHILDREN = "5"
UI_RETRY = "5"
UI_BAN = "1"
UI_ALLOW = "1"
UI_BLOCK = "1"
UI_ALERT = "4"
UI_CIPHER = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH"
UI_SSL_VERSION = "SSLv23:!SSLv3:!SSLv2"
UI_CXS = "0"
UI_CSE = "0"
MESSENGER = "0"
MESSENGER_TEMP = "1"
MESSENGER_PERM = "1"
MESSENGER_USER = "csf"
MESSENGER_CHILDREN = "10"
MESSENGERV2 = "0"
MESSENGER_HTTPS = "8887"
MESSENGER_HTTPS_IN = ""
MESSENGER_HTTPS_CONF = "/usr/local/apache/conf/httpd.conf"
MESSENGER_HTTPS_SKIPMAIL = "1"
MESSENGER_HTTPS_KEY = "/var/cpanel/ssl/cpanel/mycpanel.pem"
MESSENGER_HTTPS_CRT = "/var/cpanel/ssl/cpanel/mycpanel.pem"
MESSENGER_HTML = "8888"
MESSENGER_HTML_IN = "80,2082,2095"
MESSENGER_TEXT = "8889"
MESSENGER_TEXT_IN = "21"
MESSENGER_RATE = "100/s"
MESSENGER_BURST = "150"
RECAPTCHA_SITEKEY = ""
RECAPTCHA_SECRET = ""
RECAPTCHA_ALERT = "1"
RECAPTCHA_NAT = ""
CLUSTER_SENDTO = ""
CLUSTER_RECVFROM = ""
CLUSTER_MASTER = ""
CLUSTER_NAT = ""
CLUSTER_LOCALADDR = ""
CLUSTER_PORT = "7777"
CLUSTER_KEY = ""
CLUSTER_BLOCK = "1"
CLUSTER_CONFIG = "1"
CLUSTER_CHILDREN = "25"
PORTKNOCKING = ""
PORTKNOCKING_LOG = "1"
PORTKNOCKING_ALERT = "1"
LOGSCANNER = "0"
LOGSCANNER_INTERVAL = "hourly"
LOGSCANNER_STYLE = "1"
LOGSCANNER_EMPTY = "1"
LOGSCANNER_LINES = "5000"
ST_ENABLE = "0"
ST_IPTABLES = "100"
ST_LOOKUP = "0"
ST_SYSTEM = "1"
ST_SYSTEM_MAXDAYS = "30"
ST_MYSQL = "0"
ST_MYSQL_USER = "root"
ST_MYSQL_PASS = ""
ST_MYSQL_HOST = "localhost"
ST_APACHE = "0"
ST_DISKW = "0"
ST_DISKW_FREQ = "5"
ST_DISKW_DD = "if=/dev/zero of=/var/lib/csf/dd_test bs=1MB count=64 conv=fdatasync"
DOCKER = "0"
DOCKER_DEVICE = "docker0"
DOCKER_NETWORK4 = "172.17.0.0/16"
DOCKER_NETWORK6 = "2001:db8:1::/64"
IPTABLES = "/sbin/iptables"
IPTABLES_SAVE = "/sbin/iptables-save"
IPTABLES_RESTORE = "/sbin/iptables-restore"
IP6TABLES = "/sbin/ip6tables"
IP6TABLES_SAVE = "/sbin/ip6tables-save"
IP6TABLES_RESTORE = "/sbin/ip6tables-restore"
MODPROBE = "/sbin/modprobe"
IFCONFIG = "/sbin/ifconfig"
SENDMAIL = "/usr/sbin/sendmail"
PS = "/bin/ps"
VMSTAT = "/usr/bin/vmstat"
NETSTAT = "/bin/netstat"
LS = "/bin/ls"
MD5SUM = "/usr/bin/md5sum"
TAR = "/bin/tar"
CHATTR = "/usr/bin/chattr"
UNZIP = "/usr/bin/unzip"
GUNZIP = "/bin/gunzip"
DD = "/bin/dd"
TAIL = "/usr/bin/tail"
GREP = "/bin/grep"
ZGREP = "/usr/bin/zgrep"
IPSET = "/usr/sbin/ipset"
SYSTEMCTL = "/usr/bin/systemctl"
HOST = "/usr/bin/host"
IP = "/sbin/ip"
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/messages"
SMTPAUTH_LOG = "/var/log/exim_mainlog"
SMTPRELAY_LOG = "/var/log/exim_mainlog"
POP3D_LOG = "/var/log/maillog"
IMAPD_LOG = "/var/log/maillog"
CPANEL_LOG = "/usr/local/cpanel/logs/login_log"
CPANEL_ACCESSLOG = "/usr/local/cpanel/logs/access_log"
SCRIPT_LOG = "/var/log/exim_mainlog"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"
WEBMIN_LOG = "/var/log/secure"
CUSTOM1_LOG = "/var/log/customlog"
CUSTOM2_LOG = "/var/log/customlog"
CUSTOM3_LOG = "/var/log/customlog"
CUSTOM4_LOG = "/var/log/customlog"
CUSTOM5_LOG = "/var/log/customlog"
CUSTOM6_LOG = "/var/log/customlog"
CUSTOM7_LOG = "/var/log/customlog"
CUSTOM8_LOG = "/var/log/customlog"
CUSTOM9_LOG = "/var/log/customlog"
PORTS_pop3d = "110,995"
PORTS_imapd = "143,993"
PORTS_htpasswd = "80,443"
PORTS_mod_security = "80,443"
PORTS_mod_qos = "80,443"
PORTS_symlink = "80,443"
PORTS_suhosin = "80,443"
PORTS_cxs = "80,443"
PORTS_bind = "53;udp,53;tcp"
PORTS_ftpd = "20,21"
PORTS_webmin = "10000"
PORTS_cpanel = "2077,2078,2082,2083,2086,2087,2095,2096"
PORTS_smtpauth = "25,465,587"
PORTS_eximsyntax = "25,465,587"
PORTS_sshd = "22"
DEBUG = "0"