CSF Firewall setup:

CSF is very popular firewall. It comes with lots of prebuilt features and most of the case just doing simple installation
will protect server from many known issues. Please check http://configserver.com/cp/csf.html to see all the options and features
available.

Installation

rm -fv csf.tgz

wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

basic configuration:

port settings:
By default following ports are opened:

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
TCP_OUT = "20,21,22,25,53,80,110,113,443"
UDP_IN = "20,21,53"
UDP_OUT = "20,21,53,113,123"
We can remove any port or add any port as per our requirement.
 some important ports to be considered :
 10000 // webmin default port
 2087,2083,2086 // cpanel ports
 26 // some server use 26 as outgoing mail server to by pass ISP limitation.

So based on your requirement, please add necessary ports.

to edit the ports open any editor like vim:
 vi /etc/csf/csf.conf

and dont forget to restart

service csf restart
 Blocking predefined IPs:
 vi /etc/csf/csf.deny
1.2.3.4
 198.168.0.0/16
 Allowing predefined IPS:
vi /etc/csf/csf.allow

edit above file as per requirement to deny or allow predefined ips.

Ips can be single ip per line or range per line as above.

Once all the settings are done, we can set testing mode to live mode by
 setting

 TESTING = 0
 and restarting the csf by
 service csf restart

Basic commands:
Csf comes with lots of command line command, simply typing csf on command line will show all the available
commands but some frequently used commands are:

csf -d <ip adress to block>
 csf -a <ip address to allow / unblock>
 csf -r <reload rules>