My CSF configuration
# csf.conf (ConfigServer Security & Firewall): core firewall behaviour, open
# port lists, flood limits and drop logging. One setting per line; all values
# are unchanged from the original dump.

# csf documents TESTING = "1" as a safety mode in which the rules are cleared
# every TESTING_INTERVAL minutes; "0" means the firewall stays active.
TESTING = "0"
TESTING_INTERVAL = "5"
# "3" limits access to the syslog socket to RESTRICT_SYSLOG_GROUP. lfd acts on
# log lines, so log entries forged by unprivileged users could otherwise
# trigger blocks or alerts.
RESTRICT_SYSLOG = "3"
RESTRICT_SYSLOG_GROUP = "mysyslog"
# Keeps options that can make csf/lfd run external commands from being edited
# through the web UI.
RESTRICT_UI = "1"
# NOTE(review): unattended updates install upstream code as root; confirm the
# update source is still reachable and trusted.
AUTO_UPDATES = "1"
LF_SPI = "1"

# Inbound TCP ports open to every source address. 20/21 plus 49152:65534 is
# plain FTP with a wide passive range.
# NOTE(review): 22 is not listed although PORTS_sshd = "22" further down;
# presumably SSH is reachable only from csf.allow entries or listens on
# another port - confirm before relying on remote access.
TCP_IN = "20,21,49152:65534,25,53,80,110,143,443,465,587,993,995,2083,2096"
# NOTE(review): 23 (telnet) and 113 (ident) are allowed outbound while 53/tcp
# is not; egress filtering only helps when the list matches what the host
# actually needs - confirm each port.
TCP_OUT = "20,21,23,25,37,43,80,110,113,143,443,587,873,995,2089,8081,26,465,993,3306,8080"
UDP_IN = "20,21,53"
UDP_OUT = "20,21,53,113,123,873,6277,24441"
ICMP_IN = "1"
ICMP_IN_RATE = "1/s"
ICMP_OUT = "1"
ICMP_OUT_RATE = "0"
ICMP_TIMESTAMPDROP = "0"

# With IPV6 = "0" csf builds no ip6tables rules, so the TCP6_*/UDP6_* lists
# below are inert.
# NOTE(review): if any interface carries a routable IPv6 address, nothing in
# this file filters it - confirm IPv6 is disabled on the host or filtered
# elsewhere.
IPV6 = "0"
IPV6_ICMP_STRICT = "0"
IPV6_SPI = "1"
TCP6_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096"
TCP6_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,993,995,2086,2087,2089,2703"
UDP6_IN = "20,21,53"
UDP6_OUT = "20,21,53,113,123,873,6277,24441"

ETH_DEVICE = ""
ETH6_DEVICE = ""
ETH_DEVICE_SKIP = ""
USE_CONNTRACK = "1"
USE_FTPHELPER = "0"
SYSLOG_CHECK = "900"
RELAYHOSTS = "1"
IGNORE_ALLOW = "0"
DNS_STRICT = "0"
DNS_STRICT_NS = "0"
# Caps on the number of permanent and temporary deny entries kept.
DENY_IP_LIMIT = "200"
DENY_TEMP_IP_LIMIT = "300"
LF_DAEMON = "1"
LF_CSF = "1"
FASTSTART = "1"
LF_IPSET = "0"
WAITLOCK = "0"
WAITLOCK_TIMEOUT = "300"
LF_IPSET_HASHSIZE = "1024"
LF_IPSET_MAXELEM = "65536"
LFDSTART = "0"
VERBOSE = "1"
PACKET_FILTER = "1"
LF_LOOKUPS = "0"
STYLE_CUSTOM = "1"
STYLE_MOBILE = "1"

# Outbound connections to SMTP_PORTS are limited to root, the MTA and the
# users/groups named below, so web scripts have to hand mail to the local MTA
# instead of opening SMTP sockets themselves.
SMTP_BLOCK = "1"
SMTP_ALLOWLOCAL = "1"
SMTP_REDIRECT = "0"
SMTP_PORTS = "25,465,587"
SMTP_ALLOWUSER = "cpanel"
SMTP_ALLOWGROUP = "mail,mailman"
SMTPAUTH_RESTRICT = "0"

# SYN, per-port and UDP flood limits are all off; CONNLIMIT (port;limit pairs,
# counted per source IP) is the only rate control in this section.
SYNFLOOD = "0"
SYNFLOOD_RATE = "100/s"
SYNFLOOD_BURST = "150"
CONNLIMIT = "21;5,25;8,587;8,465;5,80;50,443;50,110;10,143;20,993;30,995;30,2082;5,2083;20,2095;10,2096;30"
PORTFLOOD = ""
UDPFLOOD = "0"
UDPFLOOD_LIMIT = "100/s"
UDPFLOOD_BURST = "500"
UDPFLOOD_ALLOWUSER = "named"

# Drop policy and logging: inbound packets are silently dropped, outbound
# ones are rejected, and both are logged except for the noisy ports in
# DROP_NOLOG.
SYSLOG = "1"
DROP = "DROP"
DROP_OUT = "REJECT"
DROP_LOGGING = "1"
DROP_IP_LOGGING = "0"
DROP_OUT_LOGGING = "1"
DROP_UID_LOGGING = "1"
DROP_ONLYRES = "0"
DROP_NOLOG = "23,67,68,111,113,135:139,445,500,513,520"
DROP_PF_LOGGING = "0"
CONNLIMIT_LOGGING = "1"
UDPFLOOD_LOGGING = "1"
# csf.conf: lfd alerting, block escalation, remote lists, login-failure
# thresholds and process/connection tracking. All values are unchanged from
# the original dump.

LOGFLOOD_ALERT = "1"
# NOTE(review): the alert addresses are empty, so lfd falls back to whatever
# its alert templates name - confirm that mailbox is monitored.
LF_ALERT_TO = ""
LF_ALERT_FROM = ""
LF_ALERT_SMTP = ""
BLOCK_REPORT = ""
UNBLOCK_REPORT = ""
X_ARF = "0"
X_ARF_FROM = ""
X_ARF_TO = ""
X_ARF_ABUSE = "0"

# An IP that collects LF_PERMBLOCK_COUNT temporary blocks within
# LF_PERMBLOCK_INTERVAL seconds is blocked permanently.
LF_PERMBLOCK = "1"
LF_PERMBLOCK_INTERVAL = "86400"
LF_PERMBLOCK_COUNT = "4"
LF_PERMBLOCK_ALERT = "1"
LF_NETBLOCK = "0"
LF_NETBLOCK_INTERVAL = "86400"
LF_NETBLOCK_COUNT = "4"
LF_NETBLOCK_CLASS = "C"
LF_NETBLOCK_ALERT = "1"
LF_NETBLOCK_IPV6 = ""
SAFECHAINUPDATE = "0"
DYNDNS = "0"
DYNDNS_IGNORE = "0"

# lfd downloads the GLOBAL_* lists every LF_GLOBAL seconds and applies them,
# so whoever controls the URL controls what this firewall blocks.
# NOTE(review): GLOBAL_DENY still holds the placeholder host "your_domain";
# point it at a list you operate or leave it empty.
LF_GLOBAL = "86400"
GLOBAL_ALLOW = ""
GLOBAL_DENY = "https://your_domain/csf_blacklist.txt"
GLOBAL_IGNORE = ""
GLOBAL_DYNDNS = ""
GLOBAL_DYNDNS_INTERVAL = "600"
GLOBAL_DYNDNS_IGNORE = "0"
LF_BOGON_SKIP = ""
URLGET = "2"
URLPROXY = ""

# Country-code filtering is unused: every CC_* list is empty.
CC_DENY = ""
CC_ALLOW = ""
CC_ALLOW_FILTER = ""
CC_ALLOW_PORTS = ""
CC_ALLOW_PORTS_TCP = ""
CC_ALLOW_PORTS_UDP = ""
CC_DENY_PORTS = ""
CC_DENY_PORTS_TCP = ""
CC_DENY_PORTS_UDP = ""
CC_IGNORE = ""
CC_ALLOW_SMTPAUTH = ""
CC_DROP_CIDR = ""
CC_LOOKUPS = "1"
CC6_LOOKUPS = "0"
CC_INTERVAL = "7"

# Login-failure detection. For each service the first value is the number of
# failures that triggers a block ("0" disables the check); the *_PERM value
# is "1" for a permanent block, otherwise the block length in seconds.
LF_TRIGGER = "0"
LF_TRIGGER_PERM = "900"
LF_SELECT = "1"
LF_EMAIL_ALERT = "1"
LF_SSHD = "5"
LF_SSHD_PERM = "86400"
LF_FTPD = "20"
LF_FTPD_PERM = "1800"
LF_SMTPAUTH = "20"
LF_SMTPAUTH_PERM = "1800"
LF_EXIMSYNTAX = "10"
LF_EXIMSYNTAX_PERM = "1800"
LF_POP3D = "30"
LF_POP3D_PERM = "1800"
LF_IMAPD = "30"
LF_IMAPD_PERM = "1800"
LF_HTACCESS = "0"
LF_HTACCESS_PERM = "300"
LF_CPANEL = "5"
LF_CPANEL_PERM = "1800"
LF_MODSEC = "5"
LF_MODSEC_PERM = "600"
LF_BIND = "0"
LF_BIND_PERM = "1"
LF_SUHOSIN = "0"
LF_SUHOSIN_PERM = "1"
LF_CXS = "0"
LF_CXS_PERM = "1"
LF_QOS = "0"
LF_QOS_PERM = "1"
LF_SYMLINK = "0"
LF_SYMLINK_PERM = "1"
LF_WEBMIN = "0"
LF_WEBMIN_PERM = "1"
# NOTE(review): alerts for successful SSH logins, su use and console root
# logins are all off. They are cheap signals of account compromise; confirm
# they are covered by other monitoring.
LF_SSH_EMAIL_ALERT = "0"
LF_SU_EMAIL_ALERT = "0"
LF_WEBMIN_EMAIL_ALERT = "0"
LF_CONSOLE_EMAIL_ALERT = "0"
LF_APACHE_404 = "60"
LF_APACHE_404_PERM = "1800"
LF_APACHE_403 = "60"
LF_APACHE_403_PERM = "600"
LF_APACHE_401 = "10"
LF_APACHE_401_PERM = "600"
LF_APACHE_ERRPORT = "0"
# cPanel/WHM login alerts are sent for the accounts in LF_CPANEL_ALERT_USERS.
LF_CPANEL_ALERT = "1"
LF_CPANEL_ALERT_ACTION = ""
LF_CPANEL_ALERT_USERS = "root"
LF_CPANEL_BANDMIN = "0"
LF_SCRIPT_ALERT = "1"
LF_SCRIPT_LIMIT = "200"
LF_SCRIPT_ACTION = ""
LF_SCRIPT_PERM = "0"
LF_QUEUE_ALERT = "2000"
LF_QUEUE_INTERVAL = "300"
LF_MODSECIPDB_ALERT = "1"
LF_MODSECIPDB_FILE = "/var/cpanel/secdatadir/ip.pag"
LF_EXPLOIT = "300"
LF_EXPLOIT_IGNORE = ""
LF_INTERVAL = "1800"
LF_PARSE = "5"
LF_FLUSH = "3600"
LF_REPEATBLOCK = "0"
# lfd blocks apply to inbound traffic only.
LF_BLOCKINONLY = "1"
CF_ENABLE = "0"
CF_CPANEL = ""
CF_BLOCK = "block"
CF_TEMP = "3600"
# Directory watching runs every 300 seconds; the system binary integrity
# check (LF_INTEGRITY) and distributed-attack detection (LF_DISTATTACK) are
# disabled.
LF_DIRWATCH = "300"
LF_DIRWATCH_DISABLE = "0"
LF_DIRWATCH_FILE = "0"
LF_INTEGRITY = "0"
LF_DISTATTACK = "0"
LF_DISTATTACK_UNIQ = "2"
LF_DISTFTP = "5"
LF_DISTFTP_UNIQ = "3"
LF_DISTFTP_PERM = "3600"
LF_DISTFTP_ALERT = "1"
LF_DISTSMTP = "5"
LF_DISTSMTP_UNIQ = "3"
LF_DISTSMTP_PERM = "3600"
LF_DISTSMTP_ALERT = "1"
LF_DIST_INTERVAL = "300"
LF_DIST_ACTION = ""
LT_POP3D = "0"
LT_IMAPD = "0"
LT_EMAIL_ALERT = "1"
LT_SKIPPERMBLOCK = "1"

# Mail relay tracking: alert thresholds per relay type. Only authenticated
# relay (RT_AUTHRELAY_BLOCK) also blocks; the others alert without blocking.
RT_RELAY_ALERT = "1"
RT_RELAY_LIMIT = "100"
RT_RELAY_BLOCK = "0"
RT_AUTHRELAY_ALERT = "1"
RT_AUTHRELAY_LIMIT = "200"
RT_AUTHRELAY_BLOCK = "900"
RT_POPRELAY_ALERT = "1"
RT_POPRELAY_LIMIT = "100"
RT_POPRELAY_BLOCK = "0"
RT_LOCALRELAY_ALERT = "1"
RT_LOCALRELAY_LIMIT = "100"
RT_LOCALHOSTRELAY_ALERT = "1"
RT_LOCALHOSTRELAY_LIMIT = "100"
RT_ACTION = ""

# Connection tracking: an IP with more than CT_LIMIT connections is blocked
# for CT_BLOCK_TIME seconds. CT_STATES restricts the count to SYN_RECV
# (half-open) connections.
CT_LIMIT = "50"
CT_INTERVAL = "30"
CT_EMAIL_ALERT = "1"
CT_PERMANENT = "0"
CT_BLOCK_TIME = "300"
CT_SKIP_TIME_WAIT = "1"
CT_STATES = "SYN_RECV"
CT_PORTS = ""

# Process tracking.
# NOTE(review): PT_USERKILL = "1" lets lfd kill user processes that exceed
# the PT_USER* limits (PT_USERTIME is 1800 seconds here); confirm long-running
# legitimate jobs are listed in csf.pignore.
PT_LIMIT = "300"
PT_INTERVAL = "60"
PT_SKIP_HTTP = "0"
PT_ALL_USERS = "1"
PT_DELETED = "0"
PT_DELETED_ACTION = ""
PT_USERPROC = "25"
PT_USERMEM = "0"
PT_USERRSS = "0"
PT_USERTIME = "1800"
PT_USERKILL = "1"
PT_USERKILL_ALERT = "1"
PT_USER_ACTION = ""
PT_LOAD = "60"
PT_LOAD_AVG = "5"
PT_LOAD_LEVEL = "20"
PT_LOAD_SKIP = "3600"
PT_APACHESTATUS = "http://127.0.0.1/whm-server-status"
PT_LOAD_ACTION = ""
PT_FORKBOMB = "0"
PT_SSHDKILL = "0"
PT_SSHDHUNG = "0"

# Port scan tracking is disabled (PS_INTERVAL = "0"); the remaining PS_*
# values have no effect until it is enabled.
PS_INTERVAL = "0"
PS_LIMIT = "10"
PS_PORTS = "0:65535,ICMP"
PS_DIVERSITY = "1"
PS_PERMANENT = "0"
PS_BLOCK_TIME = "3600"
PS_EMAIL_ALERT = "1"
# csf.conf: user/account tracking, the integrated UI, messenger, clustering,
# statistics, and the binary, log and port maps used by lfd. All values are
# unchanged from the original dump.

# User ID tracking is disabled (UID_INTERVAL = "0").
UID_INTERVAL = "0"
UID_LIMIT = "10"
UID_PORTS = "0:65535,ICMP"

# Account tracking: alerts on new and removed accounts and on password, UID,
# GID, home directory and shell changes.
AT_ALERT = "2"
AT_INTERVAL = "60"
AT_NEW = "1"
AT_OLD = "1"
AT_PASSWD = "1"
AT_UID = "1"
AT_GID = "1"
AT_DIR = "1"
AT_SHELL = "1"

# The integrated web UI is disabled (UI = "0").
# NOTE(review): UI_USER and UI_PASS still hold the shipped placeholders;
# replace both with unique values and restrict ui.allow before the UI is ever
# enabled. UI_CIPHER still admits RC4 and MEDIUM suites, and UI_SSL_VERSION
# excludes only SSLv2/SSLv3 - tighten both at the same time.
UI = "0"
UI_PORT = "6666"
UI_IP = ""
UI_USER = "username"
UI_PASS = "password"
UI_TIMEOUT = "300"
UI_CHILDREN = "5"
UI_RETRY = "5"
UI_BAN = "1"
UI_ALLOW = "1"
UI_BLOCK = "1"
UI_ALERT = "4"
UI_CIPHER = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH"
UI_SSL_VERSION = "SSLv23:!SSLv3:!SSLv2"
UI_CXS = "0"
UI_CSE = "0"

# The messenger service (a notice shown to blocked clients) is disabled.
MESSENGER = "0"
MESSENGER_TEMP = "1"
MESSENGER_PERM = "1"
MESSENGER_USER = "csf"
MESSENGER_CHILDREN = "10"
MESSENGERV2 = "0"
MESSENGER_HTTPS = "8887"
MESSENGER_HTTPS_IN = ""
MESSENGER_HTTPS_CONF = "/usr/local/apache/conf/httpd.conf"
MESSENGER_HTTPS_SKIPMAIL = "1"
MESSENGER_HTTPS_KEY = "/var/cpanel/ssl/cpanel/mycpanel.pem"
MESSENGER_HTTPS_CRT = "/var/cpanel/ssl/cpanel/mycpanel.pem"
MESSENGER_HTML = "8888"
MESSENGER_HTML_IN = "80,2082,2095"
MESSENGER_TEXT = "8889"
MESSENGER_TEXT_IN = "21"
MESSENGER_RATE = "100/s"
MESSENGER_BURST = "150"
RECAPTCHA_SITEKEY = ""
RECAPTCHA_SECRET = ""
RECAPTCHA_ALERT = "1"
RECAPTCHA_NAT = ""

# Clustering is unconfigured: no peers and no CLUSTER_KEY.
# NOTE(review): cluster members accept block and configuration changes from
# peers (CLUSTER_BLOCK/CLUSTER_CONFIG = "1"), so set a strong CLUSTER_KEY
# before adding any peer.
CLUSTER_SENDTO = ""
CLUSTER_RECVFROM = ""
CLUSTER_MASTER = ""
CLUSTER_NAT = ""
CLUSTER_LOCALADDR = ""
CLUSTER_PORT = "7777"
CLUSTER_KEY = ""
CLUSTER_BLOCK = "1"
CLUSTER_CONFIG = "1"
CLUSTER_CHILDREN = "25"
PORTKNOCKING = ""
PORTKNOCKING_LOG = "1"
PORTKNOCKING_ALERT = "1"
LOGSCANNER = "0"
LOGSCANNER_INTERVAL = "hourly"
LOGSCANNER_STYLE = "1"
LOGSCANNER_EMPTY = "1"
LOGSCANNER_LINES = "5000"

# Statistics collection is disabled (ST_ENABLE = "0").
# NOTE(review): ST_MYSQL_USER is "root" with an empty password; use a
# dedicated low-privilege account if MySQL statistics are ever enabled.
ST_ENABLE = "0"
ST_IPTABLES = "100"
ST_LOOKUP = "0"
ST_SYSTEM = "1"
ST_SYSTEM_MAXDAYS = "30"
ST_MYSQL = "0"
ST_MYSQL_USER = "root"
ST_MYSQL_PASS = ""
ST_MYSQL_HOST = "localhost"
ST_APACHE = "0"
ST_DISKW = "0"
ST_DISKW_FREQ = "5"
ST_DISKW_DD = "if=/dev/zero of=/var/lib/csf/dd_test bs=1MB count=64 conv=fdatasync"
DOCKER = "0"
DOCKER_DEVICE = "docker0"
DOCKER_NETWORK4 = "172.17.0.0/16"
DOCKER_NETWORK6 = "2001:db8:1::/64"

# Binaries that csf and lfd execute. They run with root privileges, so each
# path should stay absolute and point at a root-owned file.
IPTABLES = "/sbin/iptables"
IPTABLES_SAVE = "/sbin/iptables-save"
IPTABLES_RESTORE = "/sbin/iptables-restore"
IP6TABLES = "/sbin/ip6tables"
IP6TABLES_SAVE = "/sbin/ip6tables-save"
IP6TABLES_RESTORE = "/sbin/ip6tables-restore"
MODPROBE = "/sbin/modprobe"
IFCONFIG = "/sbin/ifconfig"
SENDMAIL = "/usr/sbin/sendmail"
PS = "/bin/ps"
VMSTAT = "/usr/bin/vmstat"
NETSTAT = "/bin/netstat"
LS = "/bin/ls"
MD5SUM = "/usr/bin/md5sum"
TAR = "/bin/tar"
CHATTR = "/usr/bin/chattr"
UNZIP = "/usr/bin/unzip"
GUNZIP = "/bin/gunzip"
DD = "/bin/dd"
TAIL = "/usr/bin/tail"
GREP = "/bin/grep"
ZGREP = "/usr/bin/zgrep"
IPSET = "/usr/sbin/ipset"
SYSTEMCTL = "/usr/bin/systemctl"
HOST = "/usr/bin/host"
IP = "/sbin/ip"

# Log files that lfd reads for its detections. A path that does not match
# where the service really logs leaves that detection silently blind.
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/messages"
SMTPAUTH_LOG = "/var/log/exim_mainlog"
SMTPRELAY_LOG = "/var/log/exim_mainlog"
POP3D_LOG = "/var/log/maillog"
IMAPD_LOG = "/var/log/maillog"
CPANEL_LOG = "/usr/local/cpanel/logs/login_log"
CPANEL_ACCESSLOG = "/usr/local/cpanel/logs/access_log"
SCRIPT_LOG = "/var/log/exim_mainlog"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"
WEBMIN_LOG = "/var/log/secure"
CUSTOM1_LOG = "/var/log/customlog"
CUSTOM2_LOG = "/var/log/customlog"
CUSTOM3_LOG = "/var/log/customlog"
CUSTOM4_LOG = "/var/log/customlog"
CUSTOM5_LOG = "/var/log/customlog"
CUSTOM6_LOG = "/var/log/customlog"
CUSTOM7_LOG = "/var/log/customlog"
CUSTOM8_LOG = "/var/log/customlog"
CUSTOM9_LOG = "/var/log/customlog"

# Ports closed to an offending IP when the matching login-failure trigger
# fires (applies with LF_SELECT = "1"; otherwise the IP is blocked on all
# ports).
PORTS_pop3d = "110,995"
PORTS_imapd = "143,993"
PORTS_htpasswd = "80,443"
PORTS_mod_security = "80,443"
PORTS_mod_qos = "80,443"
PORTS_symlink = "80,443"
PORTS_suhosin = "80,443"
PORTS_cxs = "80,443"
PORTS_bind = "53;udp,53;tcp"
PORTS_ftpd = "20,21"
PORTS_webmin = "10000"
PORTS_cpanel = "2077,2078,2082,2083,2086,2087,2095,2096"
PORTS_smtpauth = "25,465,587"
PORTS_eximsyntax = "25,465,587"
# NOTE(review): TCP_IN above does not open 22; confirm this matches the port
# sshd really listens on, or a selective block will miss it.
PORTS_sshd = "22"
DEBUG = "0"