---
title: "Firewall Management"
source: "https://docs.nexcess.com/hosting/security/firewall-management/"
description: "A firewall is your server's first defense. Learn how firewalls block threats, the types available, and how to configure them for robust security."
vertical: "Hosting"
date: "2025-07-11"
last_modified: "2026-07-02"
---

# Firewall Management

Your firewall is the gatekeeper of your server security. It acts as a protective barrier between your trusted data and the outside internet, automatically blocking malicious traffic and preventing unauthorized access.

Whether you use our Cloud Firewall, a hardware firewall, or software like CSF or Windows Firewall, proper configuration is essential.

---

Firewall Management Articles

27 results

This collection of guides will empower you to choose the right firewall, configure your rules, and manage ports to keep your infrastructure secure.

- ## [Adjusting LFD Notifications for Load Levels](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/adjusting-lfd-notifications-for-load-levels/)
    
    LFD monitors server security and load levels. Adjust PT\_Load\_Level in WHM to prevent false positives by matching it to the server’s CPU cores.
    
    
    
    [Read more: Adjusting LFD Notifications for Load Levels](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/adjusting-lfd-notifications-for-load-levels/)
- ## [Allowing Port Access by IP Address in CSF](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/allowing-port-access-by-ip-address-in-csf/)
    
    Each open firewall port is a potential vulnerability. It’s vital to keep all ports closed except for those essential for your server’s applications.
    
    
    
    [Read more: Allowing Port Access by IP Address in CSF](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/allowing-port-access-by-ip-address-in-csf/)
- ## [Backing Up Your CSF Firewall Configuration](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/backing-up-your-csf-firewall-configuration/)
    
    Before modifying CSF firewall settings, backup the current configuration. It ensures site protection if changes lead to unexpected issues, aiding troubleshooting.
    
    
    
    [Read more: Backing Up Your CSF Firewall Configuration](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/backing-up-your-csf-firewall-configuration/)
- ## [Blocking IP Addresses Using Windows Firewall](https://docs.nexcess.com/hosting/security/firewall-management/windows-firewall/blocking-ip-addresses-using-windows-firewall/)
    
    Your Windows server’s firewall guards against malicious attacks, enforcing rules to block unauthorized access and potentially harmful IP addresses.
    
    
    
    [Read more: Blocking IP Addresses Using Windows Firewall](https://docs.nexcess.com/hosting/security/firewall-management/windows-firewall/blocking-ip-addresses-using-windows-firewall/)
- ## [Blocking Traffic by Country in the CSF Firewall](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/blocking-traffic-by-country-in-the-csf-firewall/)
    
    Using CSF in WHM, filter and manage traffic by country. This helps with bandwidth, security, and content access but requires careful consideration.
    
    
    
    [Read more: Blocking Traffic by Country in the CSF Firewall](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/blocking-traffic-by-country-in-the-csf-firewall/)
- ## [Cloud Firewall](https://docs.nexcess.com/hosting/security/firewall-management/cloud-firewall/)
    
    Use our Cloud Firewall to block threats before they reach your server. Learn to configure rules, manage ports, and enhance your cloud security.
    
    
    
    [Read more: Cloud Firewall](https://docs.nexcess.com/hosting/security/firewall-management/cloud-firewall/)
- ## [ConfigServer eXploit Scanner (CXS): your website’s security watchdog](https://docs.nexcess.com/hosting/security/firewall-management/configserver-exploit-scanner-cxs/configserver-exploit-scanner/)
    
    CXS is your server’s watchdog, scanning for malware, quarantining threats, and monitoring files in real-time to keep your website secure.
    
    
    
    [Read more: ConfigServer eXploit Scanner (CXS): your website’s security watchdog](https://docs.nexcess.com/hosting/security/firewall-management/configserver-exploit-scanner-cxs/configserver-exploit-scanner/)
- ## [ConfigServer Security & Firewall (CSF)](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/)
    
    Harden your Linux server with CSF. Our guides show you how to install, configure, and manage this powerful firewall and security application.
    
    
    
    [Read more: ConfigServer Security & Firewall (CSF)](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/)
- ## [Configuring Your Cloud Firewall](https://docs.nexcess.com/hosting/security/firewall-management/cloud-firewall/configuring-your-cloud-firewall/)
    
    Firewalls safeguard servers by filtering network traffic based on rules. All Liquid Web servers have a software firewall; Linux servers typically have CSF, while Cloud servers can add an extra layer of protection with a Cloud firewall. It’s advisable to use both CSF and the Cloud firewall for enhanced security.
    
    
    
    [Read more: Configuring Your Cloud Firewall](https://docs.nexcess.com/hosting/security/firewall-management/cloud-firewall/configuring-your-cloud-firewall/)
- ## [CSF Country Blocking Dependency – Maxmind](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/csf-country-blocking-dependency-maxmind/)
    
    Learn about changes to CSF Country Blocking requiring that a key is obtained. Then, there is a value in /etc/csf/csf.conf that needs to be updated with the free license key.
    
    
    
    [Read more: CSF Country Blocking Dependency – Maxmind](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/csf-country-blocking-dependency-maxmind/)
- ## [Find (View) Default Zone for Firewalld on CentOS 7](https://docs.nexcess.com/hosting/security/firewall-management/find-view-default-zone-for-firewalld-on-centos-7/)
    
    Zones enhance an administrator’s capability to define trusts and restrict network traffic. Learn how to find the default zone in Firewalld on CentOS 7 via the command line.
    
    
    
    [Read more: Find (View) Default Zone for Firewalld on CentOS 7](https://docs.nexcess.com/hosting/security/firewall-management/find-view-default-zone-for-firewalld-on-centos-7/)
- ## [Getting Started with Configserver’s ModSecurity Control Plugin](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/getting-started-with-configservers-modsecurity-control-plugin/)
    
    Use the ConfigServer ModSecurity Control (CMC) plugin in WHM to whitelist specific rules for a secure yet smooth-running site. Configure it with this article’s guidance.
    
    
    
    [Read more: Getting Started with Configserver’s ModSecurity Control Plugin](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/getting-started-with-configservers-modsecurity-control-plugin/)
- ## [How to Start and Enable Firewalld on Fedora 23](https://docs.nexcess.com/hosting/security/firewall-management/how-to-start-and-enable-firewalld-on-fedora-23/)
    
    As a matter of following security best practices, you should protect your server with a firewall. Fedora 23 and CentOS 7 come with firewalld, an alternative to iptables.
    
    
    
    [Read more: How to Start and Enable Firewalld on Fedora 23](https://docs.nexcess.com/hosting/security/firewall-management/how-to-start-and-enable-firewalld-on-fedora-23/)
- ## [Installing Configserver’s ModSecurity Control Plugin on Your Server](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/installing-configservers-modsecurity-control-plugin-on-your-server/)
    
    Protect your web apps using ModSecurity WAF. Learn how to verify your Apache installation, install rules, and add the ConfigServer CMC plugin to WHM.
    
    
    
    [Read more: Installing Configserver’s ModSecurity Control Plugin on Your Server](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/installing-configservers-modsecurity-control-plugin-on-your-server/)
- ## [Malware Scanning with ConfigServer eXploit Scanner (CXS)](https://docs.nexcess.com/hosting/security/firewall-management/configserver-exploit-scanner-cxs/)
    
    Actively scan file uploads for malware with CXS. Learn to install, configure, and use this tool to block exploits before they can infect your site.
    
    
    
    [Read more: Malware Scanning with ConfigServer eXploit Scanner (CXS)](https://docs.nexcess.com/hosting/security/firewall-management/configserver-exploit-scanner-cxs/)
- ## [Manage your server’s firewall with iptables](https://docs.nexcess.com/hosting/security/firewall-management/iptables-firewall/)
    
    iptables can act as your server’s gatekeeper, deciding which network traffic is allowed in, out, or through your server.
    
    
    
    [Read more: Manage your server’s firewall with iptables](https://docs.nexcess.com/hosting/security/firewall-management/iptables-firewall/)
- ## [Opening and Closing Firewall Ports](https://docs.nexcess.com/hosting/security/firewall-management/opening-and-closing-firewall-ports/)
    
    Protect your server by managing network traffic. Learn how to safely open and close incoming and outgoing TCP firewall ports using CSF in WHM.
    
    
    
    [Read more: Opening and Closing Firewall Ports](https://docs.nexcess.com/hosting/security/firewall-management/opening-and-closing-firewall-ports/)
- ## [Restoring CSF Firewall Configuration from a Backup](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/restoring-csf-firewall-configuration-from-a-backup/)
    
    Protect your server by reverting unwanted changes. Learn how to safely restore your CSF firewall configuration from a backup in WHM’s Firewall Profiles.
    
    
    
    [Read more: Restoring CSF Firewall Configuration from a Backup](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/restoring-csf-firewall-configuration-from-a-backup/)
- ## [Scoping Ports in Windows Firewall](https://docs.nexcess.com/hosting/security/firewall-management/windows-firewall/scoping-ports-in-windows-firewall/)
    
    Security is paramount in today’s digital landscape. Scope Windows Firewall ports to allow only trusted IP addresses for added protection.
    
    
    
    [Read more: Scoping Ports in Windows Firewall](https://docs.nexcess.com/hosting/security/firewall-management/windows-firewall/scoping-ports-in-windows-firewall/)
- ## [Setting Up ModSecurity Configuration](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/setting-up-modsecurity-configuration/)
    
    Customize ModSecurity’s global settings using the ModSecurity Configuration. Learn to enable the settings you need in this guide.
    
    
    
    [Read more: Setting Up ModSecurity Configuration](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/setting-up-modsecurity-configuration/)
- ## [Unblocking an IP Address or Opening a Port in the Firewall](https://docs.nexcess.com/hosting/security/firewall-management/unblocking-an-ip-address-or-opening-a-port-in-the-firewall/)
    
    If an IP address has been blocked by the firewall on your cPanel VPS server unexpectedly, you can quickly resolve the issue yourself with just a little help.
    
    
    
    [Read more: Unblocking an IP Address or Opening a Port in the Firewall](https://docs.nexcess.com/hosting/security/firewall-management/unblocking-an-ip-address-or-opening-a-port-in-the-firewall/)
- ## [Using AnyConnect with your hardware firewall](https://docs.nexcess.com/hosting/security/firewall-management/using-anyconnect-with-your-hardware-firewall/)
    
    A corporate VPN secures remote access, encrypts data, prevents cyberattacks, and ensures compliance. It also enhances server management by restricting access to private networks via a secure connection.
    
    
    
    [Read more: Using AnyConnect with your hardware firewall](https://docs.nexcess.com/hosting/security/firewall-management/using-anyconnect-with-your-hardware-firewall/)
- ## [Using CSF Firewall to Mitigate DoS/DDoS Attacks](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/using-csf-firewall-to-mitigate-dos-ddos-attacks/)
    
    Mitigating DoS and DDoS attacks is challenging. There’s no way to prevent them, but we can reduce their impact and, in extreme cases, take the server temporarily offline.
    
    
    
    [Read more: Using CSF Firewall to Mitigate DoS/DDoS Attacks](https://docs.nexcess.com/hosting/security/firewall-management/configserver-security-firewall-csf/using-csf-firewall-to-mitigate-dos-ddos-attacks/)
- ## [Using FirewallD on CentOS 7](https://docs.nexcess.com/hosting/security/firewall-management/using-firewalld-on-centos-7/)
    
    Secure your CentOS 7 server with FirewallD. Learn how to easily start, stop, enable, disable, and check the status of this dynamic firewall via SSH.
    
    
    
    [Read more: Using FirewallD on CentOS 7](https://docs.nexcess.com/hosting/security/firewall-management/using-firewalld-on-centos-7/)
- ## [What is a Firewall?](https://docs.nexcess.com/hosting/security/firewall-management/what-is-a-firewall/)
    
    A firewall is like a security guard for your server. It checks all network traffic against a list of rules to block unauthorized access.
    
    
    
    [Read more: What is a Firewall?](https://docs.nexcess.com/hosting/security/firewall-management/what-is-a-firewall/)

1[2](?query-0-page=2)

[Next Page](/hosting/security/firewall-management?query-0-page=2)
