Bug Report: CSF Configuration Not Persisting After CyberPanel Upgrade
Summary:
After upgrading CyberPanel, the CSF (ConfigServer Security & Firewall) module under Security > CSF does not retain user configurations. The firewall settings reset to default, causing loss of custom rules—especially custom SSH port changes. This results in repeatedly having to reconfigure the firewall and, at times, being locked out of SSH.
Steps to Reproduce:
- Log in to CyberPanel and go to Security > CSF.
- Edit and save custom firewall rules (e.g., change the SSH port, allow/disallow custom ports).
- Upgrade CyberPanel to a new version.
- Return to Security > CSF and check the firewall configuration.
Expected Result:
- Custom CSF settings (including allowed/blocked ports and SSH port changes) are preserved after CyberPanel upgrades.
Actual Result:
- After upgrade, CSF reverts to default settings.
- Custom rules and port changes are lost.
- Have to manually re-enter or re-add custom ports and settings.
- On several occasions, this has locked me out of SSH when my custom port was lost from the allowed list, even if I enter it manually in ConfigServer Security & Firewall (Cyberpanel → Security → Firewall) config file.
Environment:
- **CyberPanel Version: 2.4.2
- **OS:**AlmaLinux 9
- CSF Version: [ csf v14.24]
- Panel Upgrade Method: [via SSH]
Notes:
- This has happened on multiple upgrades.
- Especially affects users who use non-default SSH ports for security.
Suggested Solution:
- Ensure that CyberPanel upgrade scripts do not overwrite or reset user-customized CSF configuration files.
- Add a backup/restore step for CSF config during panel upgrade.
- Warn users if custom CSF settings may be lost on upgrade.
Workaround:
- Manually back up
/etc/csf/csf.conf
and other CSF config files before every upgrade and restore them after.
Thank you for your attention, this issue can lead to accidental server lockouts and downtime.