Enable Web Interface ¶
ConfigServer Firewall provides an optional web-based interface that lets you manage CSF from your browser. With it, you can configure settings, and blacklist or whitelist IPs without using commands or editing configuration files manually. If you choose not to enable the interface, all management must be done directly through the CSF config files, or by running commands through your shell.
Setup¶
This section covers the initial setup of the CSF web interface with only the essential requirements. Follow these steps to get the web interface up and running quickly.
Step 1: Install Perl Modules¶
CSF's web interface requires several Perl modules. If you followed our dependencies guide, these modules may already be installed. If not, run one of the commands below on your server.
Installation Options¶
You only need to choose one of the methods below. We provide multiple options for your convenience:
- Debian/Ubuntu › using
apt-get
- CentOS/RHEL › using
yum
ordnf
- Perl CPAN › using the stock
cpan
client - Perl CPANM › using
cpanm
(recommended for faster, non-interactive installs)
Dependency Levels¶
Each installation method below provides two options:
Full Dependencies
-
Installs all modules required to run every aspect of CSF.
Minimum Dependencies
-
Installs only the core modules needed for the web interface to function.
# #
# Full Dependencies
# #
sudo apt-get update && sudo apt-get install -y \
perl \
libio-socket-ssl-perl \
libwww-perl \
libjson-perl \
libnet-ssleay-perl \
libcrypt-ssleay-perl \
liblwp-protocol-https-perl \
libgd-graph-perl \
libio-socket-inet6-perl \
libsocket6-perl \
libnet-libidn-perl \
libtime-hires-perl \
sendmail-bin \
dnsutils \
unzip \
wget
# #
# Minimum Dependencies
# #
sudo apt-get update && sudo apt-get install -y \
libio-socket-ssl-perl \
libcrypt-ssleay-perl \
libnet-libidn-perl \
libio-socket-inet6-perl \
libsocket6-perl
# #
# Full Dependencies
# #
sudo yum install -y \
perl \
perl-IO-Socket-SSL.noarch \
perl-Net-SSLeay \
perl-Net-LibIDN \
perl-IO-Socket-Inet6 \
perl-Socket6 \
perl-libwww-perl \
perl-JSON \
perl-Crypt-SSLeay \
perl-LWP-Protocol-https.noarch \
perl-GDGraph \
perl-Math-BigInt \
perl-Time-HiRes \
perl-Socket \
net-tools \
ipset \
bind-utils \
wget \
unzip
# #
# Minimum Dependencies
# #
sudo yum makecache && sudo yum install -y \
perl-IO-Socket-SSL.noarch \
perl-Net-SSLeay \
perl-Net-LibIDN \
perl-IO-Socket-INET6 \
perl-Socket6
# #
# Full Dependencies
# #
sudo cpan -i \
IO::Socket::SSL \
IO::Socket::INET6 \
Socket6 \
Net::LibIDN \
LWP \
LWP::Protocol::https \
LWP::UserAgent \
JSON \
Net::SSLeay \
Crypt::SSLeay \
Digest::MD5 \
Digest::SHA \
Email::Valid \
GD::Graph \
Time::HiRes \
Socket
# #
# Minimum Dependencies
# #
sudo cpan -i \
IO::Socket::SSL \
Net::SSLeay \
Net::LibIDN \
IO::Socket::INET6 \
Socket6
# #
# Debian/Ubuntu
# #
sudo apt-get update && sudo apt-get install -y cpanminus
# #
# CentOS/RHEL
# #
sudo yum makecache && sudo yum install -y perl-App-cpanminus
# #
# Full Dependencies
# #
sudo cpanm \
IO::Socket::SSL \
IO::Socket::INET6 \
Socket6 \
Net::LibIDN \
LWP \
LWP::Protocol::https \
LWP::UserAgent \
JSON \
Net::SSLeay \
Crypt::SSLeay \
Digest::MD5 \
Digest::SHA \
Email::Valid \
GD::Graph \
Time::HiRes \
Socket
# #
# Minimum Dependencies
# #
sudo cpanm \
IO::Socket::SSL \
Net::SSLeay \
Net::LibIDN \
IO::Socket::INET6 \
Socket6
Step 2: Enable Web UI¶
To enable CSF web interface, edit the file /etc/csf/csf.conf
in a text editor:
We need to update the following values. Click to see information about each setting.
# #
# 1 to enable, 0 to disable web ui
# #
UI = "1" # (1)!
# #
# Set port for web UI. The default port is 6666, but
# I change this to 1025 to easy access. Default port create some issue
# with popular chrome and firefox browser (in my case)
# #
UI_PORT = "1025" # (2)!
# #
# Leave blank to bind to all IP addresses on the server
# #
UI_IP = "" # (3)!
# #
# Set username for authentication
# #
UI_USER = "admin" # (4)!
# #
# Set a strong password for authentication
# #
UI_PASS = "admin" # (5)!
- Defines if the CSF web interface is enabled or not. Will be
accessible via your web browser.
RequiredValues:
0
,1
- Defines the port to assign for the CSF web interface.
This should be set to a value of
1023
or higher.RequiredValues:> 1023
- Defines the IP address to bind to the CSF web interface.
If you plan to route this through Traefik, you should set this to your docker subnet such as
::ffff:172.17.0.1
.Leave blank if you want to bind to all IP addresses on server.RequiredValues:blank
,::IPv6:IPv4
- Defines the username that will be required in order to
sign into the CSF web interface. This should be alphabetic or numerical characters.
RequiredValues:
A-Z,a-z,0-9
- Defines the password that will be required in order to
sign into the CSF web interface. This should alphabetic, numerical, or special characters.
RequiredValues:
A-Z,a-z,0-9,!@#$%^&*()-_=+
Save and exit. Then open the file /etc/csf/ui/ui.allow
and add your client IP to allow access to the CSF web interface. Ensure you only add one IP address per line:
If you opt to define an IP address to CSF by setting UI_IP
, you must ensure you whitelist the gateway address in your /etc/csf/ui/ui.allow
The CSF web interface works under the lfd daemon
LFD. We need to restart the LFD on your system using the command:
In order to gain access to the online admin panel; you must ensure LFD and CSF are running. You can check by running the commands:
You should see the following:
● lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/lib/systemd/system/lfd.service; enabled; preset: enabled)
Active: active (running) since Mon 2025-19-21 11:59:38 UTC; 1s ago
Process: 46393 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
Main PID: 46407 (lfd - sleeping)
Tasks: 8 (limit: 4613)
Memory: 121.7M
CPU: 2.180s
CGroup: /system.slice/lfd.service
Next, confirm CSF service is also running:
Check the output for any errors; which there should be none.
● csf.service - ConfigServer Firewall & Security - csf
Loaded: loaded (/lib/systemd/system/csf.service; enabled; preset: enabled)
Active: active (exited) since Mon 2024-08-05 12:04:09 UTC; 1s ago
Process: 46916 ExecStart=/usr/sbin/csf --initup (code=exited, status=0/SUCCESS)
Main PID: 46916 (code=exited, status=0/SUCCESS)
CPU: 12.692s
If you see the following error; you must install ipset
on your system:
csf[46313]: open3: exec of /sbin/ipset flush failed: No such file or directory at /usr/sbin/csf line 5650.
Alternatively, you can restart CSF
and LFD
at the same time by running:
Step 3: Access Web UI¶
Access the CSF interface in your browser with the specified IP and port. For these docs; we used port 1025
.
Default Web Interface Username & Password
You cannot keep the web interface username and password defaulted to admin
; you will get an error that the credentials must be changed within /etc/csf/csf.conf
.
Ggo back to the /etc/csf/csf.conf
set UI_USER
and UI_PASS
to something else.

After successful login, you should see the following:

If you try to access the CSF web interface in your browser and you get an error similar to the following:
Secure Connection Failed
An error occurred during a connection to 172.17.0.1:1025. PR_CONNECT_RESET_ERROR
Error code: PR_CONNECT_RESET_ERROR
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Open your lfd logs at /var/logs/lfd.log
and see if any messages state that you attempted to access the web interface, but were denied access. The message will be similar to the following:
Oct 2 02:55:38 configserver lfd[42635]: UI: Access attempt from an IP not in /etc/csf/ui/ui.allow - denied [127.0.0.1]
An error like above means that you have not whitelisted the correct IP in your /etc/csf/ui/ui.allow
file. You must whitelist the correct IP before you'll be able to access the web interface.
We will cover how to actually use the CSF web interface in another section. As of right now you should at least be able to access the web interface by going to http://127.0.0.1:1025
in your browser. Or whatever IP and port you assigned within the /etc/csf/csf.conf
.
Conclusion¶
By this point in the guide, you should have:
- CSF installed and functioning
- Access to the CSF web interface via an IP and port
The next section will show you how to put the CSF web interface behind third-party apps such as Traefik Reverse Proxy and secure it with Authentik.
These steps are optional. They enhance the security of your web interface and help prevent unauthorized access, but you do not need to perform them to continue using CSF.
Next Steps ¶
Select what documentation you would like to proceed with next ...
-
This section explains how to run CSF and Docker together in the same environment. By using CSF’s integrated Docker mode and the included Docker scripts, you can strengthen your server’s security while running your containers safely within a controlled setup.
We’ve provided a detailed set of instructions along with troubleshooting guidance to help you resolve any issues that may arise during setup.
-
Protect your CSF installation by placing it behind a Traefik Reverse Proxy.
This setup lets you filter and control traffic to the CSF web interface using Traefik’s middleware, all with the added bonus that you do not need to expose or open the ports to your server.
With middleware, you can whitelist your own IP for secure access and enforce geographic restrictions to allow or block traffic from specific countries.
-
Enhance the security of CSF by placing it behind the Authentik identity provider using a forward proxy.
This ensures that all traffic to the CSF web interface passes through Authentik, giving you centralized control over authentication and access.
With this setup, CSF is protected by modern authentication methods such as passwords, two-factor authentication (2FA), or passkeys.
-
If you don’t plan to set up Traefik or Authentik with the CSF web interface, you can skip ahead to the Usage section.
The next chapter covers CSF’s core features, basic configuration, available commands, folder structure, and everything you need to get started.
You will be taken on a more detailed dive of how CSF can benefit you and what options you have for securing your server.