Home · Start Here · Reference Map

• What CSF and LFD are and why they exist.
• Directory layout used by CSF installs.
• How panel integrations fit into the stack.

Related guide: Start-Here

CSF is an SPI iptables firewall designed for straightforward configuration on Linux servers. It supports both panel-managed and standalone (generic Linux) deployments and ships with preconfigured defaults for common scenarios.

Control panel integrations are available for cPanel, DirectAdmin, and Webmin.

• /etc/csf/ — configuration files
• /var/lib/csf/ — temporary data files
• /usr/local/csf/bin/ — scripts
• /usr/local/csf/lib/ — perl modules and static data
• /usr/local/csf/tpl/ — email alert templates

LFD is a persistent daemon that monitors authentication logs in near-real-time. It detects repeated login failures (brute-force patterns) and blocks offending IPs within seconds of threshold breach — significantly faster than cron-based alternatives that run on fixed intervals.

Beyond brute-force detection, LFD performs a range of integrity and behavioral checks that alert administrators to server changes, potential problems, and possible compromises.

On cPanel servers, LFD integrates with WHM Service Manager for automatic restart on failure.

CSF provides a management front-end for cPanel, DirectAdmin, and Webmin. The UI allows operators to modify configuration files, control service state (stop/start/restart), and view operational status.

All operations are also available through the comprehensive Command Line Interface (CLI).

Last reviewed: 2026-02-25

← Previous: Reference Map · Next: csf Principles