Skip to content

Start Services

After you have installed CSF, we can now start the services required for CSF and LFD to run properly. This section covers the basics of getting the services up and running. However, it does not go into detailed configurations.



Disable Testing Mode

Testing mode is a feature built into CSF and LFD which does the following when TESTING is enabled:

  • Allows safe configuration of CSF without enforcing firewall rules or banning IPs.
  • Reads configuration files like /etc/ssh/sshd_config to detect service ports. Detected ports (SSH, IPv6, TCP/UDP) are added to CSF config variables such as TCP_IN, TCP6_IN, UDP_IN in /etc/csf/csf.conf.
  • LFD does not run as a daemon.
  • Adds a cron job to periodically reload CSF rules for testing, but no actual blocking occurs.
  • IPs in csf.allow and csf.deny are processed for testing but not enforced.
  • Displays currently listening ports to sysadmin; helps safely configure CSF before enabling enforcement.
Testing Mode Disables LFD

If you plan to utilize our LFD service; you MUST disable TESTING MODE.


Out of box, CSF enables TESTING MODE. If this mode is enabled, the LFD daemon service will not start. To disable testing mode, we need to open /etc/csf/csf.conf and locate the following:

/etc/csf/csf.conf
# ##############################################################################
#   Initial Settings
# ##############################################################################
#   Testing flag - enables a CRON job that clears iptables incase of
#   configuration problems when you start csf. This should be enabled until you
#   are sure that the firewall works - i.e. incase you get locked out of your
#   server! Then do remember to set it to 0 and restart csf when you're sure
#   everything is OK. Stopping csf will remove the line from /etc/crontab
#   
#   lfd will not start while this is enabled
# #
TESTING = "1"


Flip the value of TESTING from 1 to 0:

/etc/csf/csf.conf
TESTING = "1"
/etc/csf/csf.conf
TESTING = "0"


If you already skipped ahead and started CSF up, you'll need to perform a restart of the services with the command:

sudo csf -ra


After disabling TESTING mode, you can now start the services up. Proceed to the section Enable & Disable CSF.





Enable and Disable CSF

CSF and LFD can be set to enabled or disabled. Once you complete this section and enable csf, you can then confirm that CSF and LFD are running.


enable

Enable csf and lfd if previously disabled

sudo csf --enable
disable

Disable csf and lfd completely

sudo csf --disable





CSF Service

This section outlines how to ensure the CSF service is operating correctly. First, let's start up the CSF service:

sudo systemctl start csf
sudo csf -ra


Check the current status of CSF by running the command:

sudo systemctl status csf

 csf.service - ConfigServer Firewall & Security - csf
    Loaded: loaded (/lib/systemd/system/csf.service; enabled; vendor preset: enabled)
    Active: active (exited) since Mon 2025-09-15 23:45:04 UTC; 14 seconds ago
  Main PID: 597 (code=exited, status=0/SUCCESS)
        CPU: 0min 14.956s

Notice: journal has been rotated since unit was started, output may be incomplete.


If you notice that CSF is not running or has the status inactive (dead) like the following:

sudo systemctl status csf

 csf.service - ConfigServer Firewall & Security - csf
    Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; preset: enabled)
    Active: inactive (dead)


We must enable the services to ensure they are running. Execute the commands below in your terminal:

sudo systemctl start csf
sudo csf -ra


Confirm that the service is up and running:

sudo systemctl status csf

 csf.service - ConfigServer Firewall & Security - csf
    Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; preset: enabled)
    Active: active (exited) since Sun 2025-09-21 01:35:45 UTC; 4s ago
    Process: 449564 ExecStart=/usr/sbin/csf --initup (code=exited, status=0/SUCCESS)
  Main PID: 449564 (code=exited, status=0/SUCCESS)
        CPU: 621ms


After you have confirmed that the CSF service is running, we need to ensure that the LFD is also operating normally.





LFD Service

This section outlines how to ensure the LFD service is operating correctly. First, let's start up the LFD service:

sudo systemctl start lfd
sudo csf -ra


Check the current status of LFD by running the command:

sudo systemctl status lfd

 lfd.service - ConfigServer Firewall & Security - lfd
    Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; preset: enabled)
    Active: active (running) since Sun 2025-09-21 01:11:21 UTC; 1min 17s ago
    Process: 335736 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
  Main PID: 335770 (lfd - sleeping)
      Tasks: 1 (limit: 4546)
    Memory: 38.8M (peak: 55.0M)
        CPU: 4.375s
    CGroup: /system.slice/lfd.service
            └─335770 "lfd - sleeping"


If you see the status failed like the following example, this could be for any number of reasons. We will review below:

× lfd.service - ConfigServer Firewall & Security - lfd
    Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; preset: enabled)
    Active: failed (Result: signal) since Sun 2025-09-21 01:52:34 UTC; 20min ago
    Process: 115504 ExecStart=/usr/sbin/lfd (code=killed, signal=KILL)
        CPU: 186ms


Ensure CSF and LFD are both enabled:

sudo csf -e


Another option to check the reason for the failure is to read out the lfd logs located at /var/log/lfd.log:

sudo tail -n 50 /var/log/lfd.log

Sep 21 01:44:34 server lfd[99819]: *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 98
Sep 21 01:44:34 server lfd[99819]: daemon stopped
Sep 21 01:47:24 server lfd[105308]: *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 98
Sep 21 01:47:24 server lfd[105308]: daemon stopped
Sep 21 01:47:56 server lfd[101396]: *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 98
Sep 21 01:47:56 server lfd[101396]: daemon stopped
Sep 21 01:50:39 server lfd[111685]: *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 98
Sep 21 01:50:39 server lfd[111685]: daemon stopped
Sep 21 01:52:07 server lfd[114496]: *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 98
Sep 21 01:52:07 server lfd[114496]: daemon stopped
Sep 21 01:52:34 server lfd[115504]: *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 98
Sep 21 01:52:34 server lfd[115504]: daemon stopped
Sep 21 01:55:17 server lfd[120584]: *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 98
Sep 21 01:55:17 server lfd[120584]: daemon stopped


As our logs above show, it is complaining that TESTIN mode is enabled. You must ensure this mode is disabled before you will be able to enable the lfd service. Check that TESTING = "0" is set in your /etc/csf/csf.conf. Flip the value of TESTING from 1 to 0:

/etc/csf/csf.conf
TESTING = "1"
/etc/csf/csf.conf
TESTING = "0"


Attempt to start LFD again:

sudo systemctl start lfd
sudo csf -ra


You should now be able to confirm that LFD is running:

sudo systemctl status lfd

 lfd.service - ConfigServer Firewall & Security - lfd
    Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; preset: enabled)
    Active: active (running) since Sun 2025-09-21 01:44:00 UTC; 53min ago
    Process: 335736 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
  Main PID: 335770 (lfd - sleeping)
      Tasks: 1 (limit: 4546)
    Memory: 39.2M (peak: 63.3M)
        CPU: 15.090s
    CGroup: /system.slice/lfd.service
            └─335770 "lfd - sleeping"





Troubleshooting

Refer to the following troubleshooting tips if you have issues with installing and starting CSF or the LFD daemon.


lfd.service will not start (inactive (dead))

First, let's ensure TESTING mode is disabled. Run the following tail command to look at the lfd logs located in /var/log/lfd.log:

sudo tail -n 50 /var/log/lfd.log

Sep 21 01:44:34 server lfd[99819]: *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 98
Sep 21 01:44:34 server lfd[99819]: daemon stopped
Sep 21 01:47:24 server lfd[105308]: *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 98
Sep 21 01:47:24 server lfd[105308]: daemon stopped
Sep 21 01:47:56 server lfd[101396]: *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 98
Sep 21 01:47:56 server lfd[101396]: daemon stopped
Sep 21 01:50:39 server lfd[111685]: *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 98
Sep 21 01:50:39 server lfd[111685]: daemon stopped
Sep 21 01:52:07 server lfd[114496]: *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 98
Sep 21 01:52:07 server lfd[114496]: daemon stopped
Sep 21 01:52:34 server lfd[115504]: *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 98
Sep 21 01:52:34 server lfd[115504]: daemon stopped
Sep 21 01:55:17 server lfd[120584]: *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf, at line 98
Sep 21 01:55:17 server lfd[120584]: daemon stopped


If you see the above logs, this means that TESTING mode is enabled. In order for the LFD daemon to start, you must disable testing mode. Open /etc/csf/csf.conf and change the following:

/etc/csf/csf.conf
TESTING = "1"
/etc/csf/csf.conf
TESTING = "0"


You can also try to run LFD with strace:

sudo strace -f /usr/sbin/lfd --check

rt_sigaction(SIGRT_25, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_26, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_27, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_28, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_29, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_30, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_31, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_32, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGABRT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGCHLD, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGIO, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
exit_group(0)                           = ?
+++ exited with 0 +++


Sometimes strace will give you hints as to what went wrong. In the example above, lfd is exiting with error code 0, which means “success / no error”. The program is choosing to shut itself down and telling the OS “I finished cleanly.”. This tells us that it's not due to something failing.

When a daemon exits cleanly (exit code 0), you usually have to look inside lfd's own logs, not just systemd’s.

In our example above, we clearly see in the /var/log/lfd.log file that it was due to us having TESTING enabled.


Another option for checking failure reasons is to run the following command:

sudo dmesg -T | tail -n 20


You can also check journalctl for any errors:

sudo journalctl -xeu lfd.service


All of the listed methods above will help you narrow down exactly why CSF or LFD are not starting properly.



Next Steps

Select what documentation you would like to proceed with next ...

  •   Enable Web Interface

    The web interface lets you manage your firewall through a browser instead of a command line.

    This chapter covers installation of dependencies, enabling the interface, and whitelisting your IP for security.

    You’ll also learn how to access the interface safely and protect it from unauthorized users.

  •   Usage Introduction

    If you don’t plan to set up Traefik or Authentik with the CSF web interface, you can skip ahead to the Usage section.

    The next chapter covers CSF’s core features, basic configuration, available commands, folder structure, and everything you need to get started.

    You will be taken on a more detailed dive of how CSF can benefit you and what options you have for securing your server.