and at what cost - bleeding funds from other support tasks and Pro
2 Likes
It may have a positive effect too—CSF is popular, and anyone willing to continue using it might end up coming to us. Since we have a good reputation with Webmin and Virtualmin, they would likely trust us over an unknown developer. CSF runs as root, and I doubt anyone in their right mind would just use a random version from an unknown developer.
2 Likes
I would wait a month or so to sse how things pan out.
If Virtualmin did do a version and allowed it for other platforms I would brand it throughout 
(logos and links.)
maybe - but i for one (possibly only one) would not.
in fact just like WP Workbench - as not remotely interested in WP - also puts me off.
there are still some good benefits and i actively try to persuade my small number of clients to go Pro (none of whom use WP) as hat was a reason why they came to me in the first place.
Thanks! Though, what do they use it for if not WP?
I could list - but top of the list is probably NodeJS.
but the last one wanted Django.
I think one used LimeSurvey and tried Yoururs and has since abandoned that.
There are some good Webapps there (any one of which IMO would be better than adding/keeping WP)
Well I said this would be nice if we had unlimited resources, but in practice I think we should let someone else own it.
3 Likes
People already put to much trust in “I have a firewall”. You need people well versed in security to keep eyes on it as things change.
For once in my life I’m with Stegan. You guys are short on time and man power now the last thing you need a is a distraction
I would only support this a if its a pro only feature, other wise you will get no financial benefit. and no I do not use CSF
1 Like
still using csf/lfd and was about to drop fail2ban completely before this discontinuation thingy.. don’t know yet what i’ll do regarding fw next, probably wait and see what happens in the fork saga. (likely migrate to another fw if there is no trusted fork).
btw, csf can easily replace firewalld + fail2ban + 3rd party f2b addons/filters (for most common hosting scenarios), and feels much much lighter…
2c.
Feels much lighter .. you having issues picking it up ?
I have no interest in if CSF can replace F2B as Im happy to use what ever comes in the box from VM. The issue above is the VM team do not have the man power to take on another job when they cant find the time to do the job I’m paying for.
Someone else can take the project up if not let it die as its obviously not making anyone any money
1 Like
What about this?
Aetherinox / csf-firewall 90 stars - 14 forks
README.md 09/21/2025 12:28 UTC
Personally, I first updated my server according to the instructions in the link below with CSF v15.00 GPLv3:
How to Keep ConfigServer Firewall (CSF) Running After the Shutdown
The update was very easy and none of my settings changed, nor did anything strange happen.
And then, I continued with a 2nd update following aetherinox.github.io instructions.
The update -again- was very easy and none of my settings changed, nor did anything strange happen.
Looks good to me!
By the way, the new version of Authentic lets you configure defaults using the following hardcoded config vars:
settings_csf_download_domain_privileged = 'download.configserver.com';
settings_csf_download_port_privileged = 443;
settings_csf_download_path_privileged = '/csf/version.txt';
After making a change, you should call the following to save it:
theme.config.save();
Once we agree on which fork to use, we’ll make that one the default.
2 Likes
Things like this should be part of virtualmin and not the theme 
Why Virtualmin and not Webmin CSF module?
you are right, webmin is probably a better place.
I keep forgetting virtualmin and webmin are separate.
Also when you mentioned Authentic Theme , Virtualmin is one step down.
Webmin → Virtualmin → authentic theme.
Theme should just be the theme, styling and what not 
Should and can don’t always go together—we don’t control the Webmin CSF module, and it never had an option to configure the download upstream host, port, and page; if they did, we would happily use that.
The point that I am trying to make, irrelevant of who controls what, and where the module is, is that module settings such as above should not be controlled in a theme. The rest of the variables in this equation are irrelevant
I know you want the theme to be just html & JS but to be fair it would appear that csf may die or go in a different direction, so at this point in time is there any reason for raising this ? It will get sorted out in it’s own time
2 Likes