ConfigServer Security & Firewall (csf) https://configserver.com/cp/csf.html
will there be no conflicts?
Search this forum…
Its possible to replace Hestia’s firewall system with CSF. Note that if you do so you won’t be able to use the hestia firewall config page, including ipset tools. It will also take over some of the functionality of fail2ban, so you’ll probably have to disable that.
I sometimes use it on hestia servers where egress filtering is important to me, or I need to keep an eye on which processes are doing things, or I need one of the other CSF features. Be prepared for some tinkering after you set it up.
We installed CSF in our Hestia server and no issues in our typical HESTIACP installation unless you have special firewall rules set.
Ref: How to install CSF on Hestia CP [Config firewall] - VVCARES WEB DESIGN
Let me clear a bit of confusion here:
The main thing is: iptables. All other scripts works with it.
You can run these scripts in parallel, i. e. CSF and Hestia. If you do so, the rules will be added in duplicate. If you are using the same style of configuration in both, like having a specific port for a particular service, then both will be in the iptables.
Rules are processed serially. The first one listed in the iptables gets a priority. Typically, CSF takes command at the boot time and adds rules in the iptables. These rules are added first and gets on the top of rules created by other scripts, which obviously gets processed before any others. Thereafter, Hestia process is loaded or started. Then, it will also load rules in the iptables.
Because of the execution of rules in series, they would not be any conflict because logically rules by CSF gets a priority.
But if you have some additional rules applied only through Hestia, they are added later in boot process. But they will be applied.
I have both scripts active since years and never ever bothered to deactivate firewall scripts in Vesta or Hestia.