Installing Sentinel Firewall on Linux (Ubuntu, Debian, AlmaLinux)

CSF (ConfigServer Security & Firewall) was a popular firewall solution for Linux servers. Since CSF has officially been discontinued as of August 2025, the Sentinel Firewall project continues its development as a fully compatible fork. Sentinel is a drop-in replacement for CSF, providing the same functionality, security, and commands.

This guide covers installing Sentinel Firewall on popular Linux distributions:

Ubuntu: 22.04, 24.04, 25.04
Debian: 12, 13
AlmaLinux: 8, 9, 10
Rocky Linux: 8, 9, 10
CentOS Stream: 8, 9, 10

Remove Existing Firewalls (Optional but Recommended)

There may already be system firewalls active on your server (such as ufw on Ubuntu/Debian or firewalld on AlmaLinux/RHEL).
To avoid conflicts with Sentinel Firewall, it’s recommended to disable/remove them first.

We’ve included the commands for the most common default firewalls.
Run the commands only for the firewall installed on your system.

Run these commands to check for UFW, Firewalld, or CSF (if installed earlier):

For UFW:

systemctl status ufw

For Firewalld:

systemctl status firewalld

For CSF (ConfigServer Firewall):

csf -v

Ubuntu / Debian (UFW & Firewalld):

Disable UFW (if installed)

ufw disable
systemctl stop ufw
systemctl disable ufw

Stop Firewalld (if installed)

systemctl stop firewalld
systemctl disable firewalld
apt-get remove --purge firewalld -y

Flush iptables

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

AlmaLinux / RHEL / CentOS (Firewalld):

Stop and remove Firewalld


systemctl stop firewalld
systemctl disable firewalld
dnf remove firewalld -y

Flush iptables

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Download and Install Sentinel Firewall

Sentinel provides a CSF-compatible package that can be installed easily:

wget https://github.com/sentinelfirewall/sentinel/raw/refs/heads/main/csf.tgz

tar -xzf csf.tgz

cd csf

sh install.sh

During installation, you may see warnings about TESTING mode. This is normal.

Configure Sentinel / CSF

Open configuration file:

nano /etc/csf/csf.conf

Set TESTING to `0`:

TESTING = "0"

Save & exit, then restart services:

systemctl restart csf lfd
csf -e

Verify Firewall

csf -l # List rules
systemctl status csf lfd
iptables -L -n -v

By switching to Sentinel, you ensure your servers remain secure with up-to-date firewall protection.
Official site: https://sentinelfirewall.org

(Visited 1 times, 1 visits today)

Remove Existing Firewalls (Optional but Recommended)

For UFW:

For Firewalld:

For CSF (ConfigServer Firewall):

Ubuntu / Debian (UFW & Firewalld):

Disable UFW (if installed)

Stop Firewalld (if installed)

Flush iptables

AlmaLinux / RHEL / CentOS (Firewalld):

Stop and remove Firewalld

Flush iptables

Download and Install Sentinel Firewall

Configure Sentinel / CSF

Open configuration file:

Set TESTING to 0:

Save & exit, then restart services:

Verify Firewall

Set TESTING to `0`: