About Versioning¶
This repository categorizes ConfigServer Security & Firewall (CSF) into two distinct development eras:
| Version Range | Developer | Description | This Page Covers |
|---|---|---|---|
| v15.01 and Newer | Aetherinox | Maintained after August 2025 | |
| v15.00 and Older | Way to the Web | Legacy releases prior to August 2025 |
The final release of CSF v15.00 by Way to the Web removed all automatic update functionality as a result of the company shutting down. Consequently, automatic updates no longer work on that version.
CSF v15.01 was the first release maintained by this repository, which restored automatic update support by introducing new servers.
To regain automatic update functionality, any server running CSF v15.00 and older by the company Web to the Web, must be migrated to this repository’s maintained version of CSF v15.01 and newer.
Update from v15.00 Legacy to v15.01 ¶
This page explains how to update ConfigServer Security and Firewall (CSF) from the legacy versions maintained by Way to the Web Ltd (v15.00 and earlier) to the modern v15.01+ releases by Aetherinox.
Because Way to the Web has discontinued their version of CSF, the built-in automatic update system in v15.00 and older can no longer retrieve newer releases. As a result, upgrading past v15.00 requires a one-time manual update.
By installing v15.01 by Aetherinox, you restore full automatic update functionality. Once updated, CSF will again be able to fetch and install all future releases without requiring any manual intervention.
Update Files¶
Before You Update …
Make sure to back up any important configuration files located in /etc/csf/.
Although existing files are never overwritten during the update process, it is strongly recommended to create backups before proceeding, as a general best practice.
To upgrade CSF from v14.x or v15.00, over to Aetherinox’s v15.01, you’ll need to manually download the latest release and run the installation script. This process replaces the old CSF files with the updated codebase, including the restored automatic update system.
If you don’t already have the latest version of CSF downloaded, grab it using one of the commands below:
Decompress / unzip the downloaded archive file:
Run the CSF installation script:
Follow any instructions on-screen. If prompted for any additional information, enter it. Once the wizard completes, you can confirm if CSF is installed and functioning by accessing your server via SSH, and running the CSF version command:
The final required step is to open your /etc/csf/csf.conf config file and ensure that the setting TESTING is set to 0.
# #
# SECTION:Initial Settings
# #
# Testing flag - enables a cron job that clears iptables if there are
# configuration problems when csf starts. Keep this enabled until you are
# confident the firewall is working correctly. This helps prevent getting
# locked out of your server.
#
# Once confirmed, set this flag to 0 and restart csf. Stopping csf will
# remove the cron job from /etc/crontab.
#
# Note: lfd will not start while this flag is enabled.
# #
TESTING = "1"
# #
# SECTION:Initial Settings
# #
# Testing flag - enables a cron job that clears iptables if there are
# configuration problems when csf starts. Keep this enabled until you are
# confident the firewall is working correctly. This helps prevent getting
# locked out of your server.
#
# Once confirmed, set this flag to 0 and restart csf. Stopping csf will
# remove the cron job from /etc/crontab.
#
# Note: lfd will not start while this flag is enabled.
# #
TESTING = "0"
After you have modified the above setting, you simply need to give CSF's services a restart by running the following command:
Confirm the status of csf by running:
● csf.service - ConfigServer Security & Firewall - csf
Loaded: loaded (/lib/systemd/system/csf.service; enabled; vendor preset: enabled)
Active: active (exited) since Mon 2025-11-19 23:45:04 UTC; 14 seconds ago
Main PID: 597 (code=exited, status=0/SUCCESS)
CPU: 0min 14.956s
Notice: journal has been rotated since unit was started, output may be incomplete.
If you see the status of CSF listed as Active, you are ready to go.
Future Updates¶
After you have updated from Way to the Web's v15.00 of ConfigServer Security and Firewall to Aetherinox's v15.01, this will give you the ability to utilize CSF's automatic update functionality for any future updates you wish to apply.
You can check for updates using either the Commandline (CLI), or with the CSF Web Interface.
Using the Command Line¶
To check whether you're running the latest CSF v15.01 release, use the command below. It will only look for available updates and will not install anything.
You should see one of the following depending on if an update is available or not:
If you want CSF to automatically update without performing a check first, use the command below. If a newer version is available, it will install it immediately without any prior notification.
You can also run a forced update, which installs the latest available version of CSF regardless of whether an update is detected. This command will overwrite the current installation files even if you’re already up to date.
Next Steps ¶
Select what documentation you would like to proceed with next ...
-
Starting CSF requires disabling testing mode and enabling the firewall so it runs normally.
This chapter explains how to start both CSF and LFD services and ensure they launch on boot.
You’ll also find troubleshooting tips for common startup errors and how to fix them quickly.
-
The web interface lets you manage your firewall through a browser instead of a command line.
This chapter covers installation of dependencies, enabling the interface, and whitelisting your IP for security.